Folks :
I have a customer using numbers in "spanish" standard (a number in the US Standard like 1,000,000.25 is represented in logs as 1.000.000,25)
How can I change that at search time ? Is it possible ?
I have tried to use "eval nn=tonumber(variable) but it can't convert a number in the format before mentioned (1.000.000,25)
Cheers Arturo
It's probably better to eliminate the separating dots before replacing commas.
... | eval nn=tonumber(replace(replace(variable,"\.",""),",",".")) | ...
No, not atm.
Is that locale-aware "string-to-number" convertion option available ?
Any pointers ?
Transforming something like this at index time is probably a bad idea. Even the field extraction happen at search time. An enhancement that might be useful is a locale-aware string-to-number conversion for eval.
Thanks guys !!!!!! ... great ideas indeed !!!!!!!!!!!
Question : are there any "permanent/faster" ways to make this "standard" for numeric quantities the "standard" for a customer installation ?
I was thinking that something Just like http://www.splunk.com/base/Documentation/latest/Admin/Configurecharactersetencoding should exist "built in" in Splunk to make him aware of other standards ... maybe at index time ?
Cheers
There is probably a more elegant way, but:
...| eval var = replace(var, ",", ".") | eval var = replace(var, "\.([^\.]+)$", ",\1")
It would probably be easiest to make this in to a macro for reuse.
