Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dew Point Calculation

adrianrepublic
Explorer
‎10-01-2019 05:22 AM

I am trying to produce or calculate the Dew Point in Celsius of data in two separate indexes.

I believe the offcial Dew point formula is Td = T - ((100 - RH)/5.)

I want to basically use this formula to produce Dew point using relative humidity on one index with temperature on another index

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎10-01-2019 05:58 AM

Assuming that the measurement times at the two indexes are the same,

index=relative_humidity_index OR index=temperature_index
|stats avg(relative_humidity) as relative_humidity avg(temperature) as temperature by _time
|eval dew_point=temprature-((100-relative_humidity)/5.0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎10-01-2019 05:58 AM

Assuming that the measurement times at the two indexes are the same,

index=relative_humidity_index OR index=temperature_index
|stats avg(relative_humidity) as relative_humidity avg(temperature) as temperature by _time
|eval dew_point=temprature-((100-relative_humidity)/5.0)
0 Karma
Reply
Solved! Jump to solution

adrianrepublic
Explorer
‎10-01-2019 06:37 AM

That nearly worked. Thanks 🙂

(index="index1" device=* customer_id=*) OR (index="weather") | stats avg(hum) as relative_humidity avg(temp) as temperature by customer_id | eval dew_point=temperature-((100-relative_humidity)/5.0)

However something which ive noticed which could be any issue is that the both indexes have a temperature but on one index its temperature(weather index) and on the other its temp(index 1). When i change it to temperature it doesnt seem to produce/include the values from the "weather" index.

I basically want the temperature from the weather index vs humidity of the index1

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎10-01-2019 08:16 AM

Easily handled.

(index="index1" device= customer_id=) OR (index="weather") 
| eval temperature=coalesce(temperature, temp)
| stats avg(hum) as relative_humidity avg(temp) as temperature by customer_id 
| eval dew_point=temperature-((100-relative_humidity)/5.0)
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

adrianrepublic
Explorer
‎10-04-2019 02:29 AM

richgalloway that seems to have done the job 🙂 Thanks very much.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar - Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...

New Year. New Skills. New Course Releases from Splunk Education

A new year often inspires reflection—and reinvention. Whether your goals include strengthening your security ...

Splunk and TLS: It doesn't have to be too hard

Overview Creating a TLS cert for Splunk usage is pretty much standard openssl.  To make life better, use an ...