Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Converting the result from my search

exchanger
Path Finder
‎03-02-2021 01:27 AM

Hello, i think its not that difficult, but i dont know how to do it.

 

The result is in milliseconds. Is there an easy way to convert these milliseconds into seconds?

 

Best regards

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

KailA
Contributor
‎03-02-2021 01:39 AM

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

KailA
Contributor
‎03-02-2021 01:39 AM

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

Reply
Solved! Jump to solution

exchanger
Path Finder
‎03-02-2021 01:47 AM

@KailA 

Yes thats works perfect. Thanks 🙂 

Another last question: 

I have more then one search

Like first query

my search 

second query

my search2  

third query...

Is there a way to combine these queries, so that i can search multiple queries with one search?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

KailA
Contributor
‎03-02-2021 01:55 AM

Yes it's possible.

The worst (but working) solution is using the append function (https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Append)

I said worst because it's not the most efficient way.

If you need help for that you should create another post, and if possible put all the queries you want to merge, someone will help you 🙂

For this post, you can mark my answer as the solution to close it

0 Karma
Reply
Solved! Jump to solution

exchanger
Path Finder
‎03-02-2021 02:19 AM

Thanks for this information. I used the append function and it worked 🙂 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...