Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Error in 'eval' command: Typechecking failed. '-' only takes numbers

raytroy
New Member
‎04-24-2014 04:01 PM

I have tried many ways to get the difference between two numbers.

Here is what I have tried.

try 1: event=subscription data.price>0 AND data.endDate>0 | eval rr = (data.endDate - data.startDate) Results in Error in 'eval' command: Typechecking failed. '-' only takes numbers

try 2: event=subscription data.price>0 AND data.endDate>0 | convert num(data.startDate) num(data.endDate) | eval j = (data.endDate - data.startDate) Results in Error in 'eval' command: Typechecking failed. '-' only takes numbers

try 3: event=subscription data.price>0 AND data.endDate>0 | convert num(data.startDate) num(data.endDate) | table data.endDate data.startDate Has two columns of data and looks great.

data.endDate data.startDate

1397636176441 1397483257122

1397161336056 1397161260357

I would like to subtract data.endDate from data.startDate. 139763617641 - 1397483257122 =

I always get the error, Error in 'eval' command: Typechecking failed. '-' only takes numbers, for try 1 and try2. I thought it had to do with the data being a string and that is why I tried to convert (the second try). I tabled (try 3) and get output.

Thank you for your help.

Tags (3)
0 Karma
Reply

alai
Explorer
‎09-09-2020 05:57 AM

Use single quotes:

eval result = 'data.endDate' - 'data.startDate'

 

0 Karma
Reply

HiroshiSatoh
Champion
‎04-24-2014 10:23 PM

Use the period to become errors.Changed field names?

・・・・・|eval data_endDate = data.endDate|eval data_startDate = data.startDate|eval rr=data_endDate- data_startDate
0 Karma
Reply

raytroy
New Member
‎04-25-2014 10:02 AM

I think I have solved the problem. The data.endDate was one level deep in the tree and the . was the only way to access the information inside those columns. Once I moved the data to the outer most tree level it worked. Lesson learned, make all the data on one level and don't embed object or events inside another event/dataset. Thank you for your help.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...