Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Converting the result from my search

exchanger
Path Finder
‎03-02-2021 01:27 AM

Hello, i think its not that difficult, but i dont know how to do it.

 

The result is in milliseconds. Is there an easy way to convert these milliseconds into seconds?

 

Best regards

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

KailA
Contributor
‎03-02-2021 01:39 AM

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

KailA
Contributor
‎03-02-2021 01:39 AM

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

Reply
Solved! Jump to solution

exchanger
Path Finder
‎03-02-2021 01:47 AM

@KailA 

Yes thats works perfect. Thanks 🙂 

Another last question: 

I have more then one search

Like first query

my search 

second query

my search2  

third query...

Is there a way to combine these queries, so that i can search multiple queries with one search?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

KailA
Contributor
‎03-02-2021 01:55 AM

Yes it's possible.

The worst (but working) solution is using the append function (https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Append)

I said worst because it's not the most efficient way.

If you need help for that you should create another post, and if possible put all the queries you want to merge, someone will help you 🙂

For this post, you can mark my answer as the solution to close it

0 Karma
Reply
Solved! Jump to solution

exchanger
Path Finder
‎03-02-2021 02:19 AM

Thanks for this information. I used the append function and it worked 🙂 

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...