Splunk Search

Converting the result from my search

exchanger
Path Finder

Hello, i think its not that difficult, but i dont know how to do it.

 

The result is in milliseconds. Is there an easy way to convert these milliseconds into seconds?

 

Best regards

Labels (1)
0 Karma
1 Solution

KailA
Contributor

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

View solution in original post

KailA
Contributor

Hello exchanger,

You can use the eval fonction.

Try this :

 

Your search
| stats avg(duration) as avg_duration, perc50(duration) as perc50_duration, perc75(duration) as perc75_duration, max(duration) as max_duration
| eval avg_duration = avg_duration / 1000

 And you can do that for each field if you want.

Let me know if it helps you 🙂

exchanger
Path Finder

@KailA 

Yes thats works perfect. Thanks 🙂 

Another last question: 

I have more then one search

Like first query

my search 

second query

my search2  

third query...

Is there a way to combine these queries, so that i can search multiple queries with one search?

Tags (1)
0 Karma

KailA
Contributor

Yes it's possible.

The worst (but working) solution is using the append function (https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Append)

I said worst because it's not the most efficient way.

If you need help for that you should create another post, and if possible put all the queries you want to merge, someone will help you 🙂

For this post, you can mark my answer as the solution to close it

0 Karma

exchanger
Path Finder

Thanks for this information. I used the append function and it worked 🙂 

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...