Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Difference between two perfmon counters from the same source to identify bottleneck

rholm01
Explorer
‎02-26-2021 12:39 PM

Counter 1 - Perfmon: Inbound Data rate

Counter 2  - Perfmon:Outbound Data rate

source="Perfmon:PostilionPostbridgeInterchanges"

My values look something like this:  0.007956853689073186

I am looking for the difference between the two counters and to reduce the number to 3 places behind the decimal point, if possible.

Labels (6)
Labels
0 Karma
Reply

tscroggins
Influencer
‎02-27-2021 11:47 AM

@rholm01 

This may work:

| streamstats current=f last(Value) as previous_Value by host counter
| eval delta_Value=round(Value - previous_Value, 3)

If you want the absolute difference:

| eval delta_Value=round(abs(Value - previous_Value), 3)

If you find Splunk's rounded values disagreeing with exact calculations, you can tell Splunk to use exact math to the limits of the operating environment's floating point precision:

| eval delta_Value=exact(round(abs(Value - previous_Value), 3))

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...