Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Error in 'eval' command: Typechecking failed. '-' only takes numbers

raytroy
New Member
‎04-24-2014 04:01 PM

I have tried many ways to get the difference between two numbers.

Here is what I have tried.

try 1: event=subscription data.price>0 AND data.endDate>0 | eval rr = (data.endDate - data.startDate) Results in Error in 'eval' command: Typechecking failed. '-' only takes numbers

try 2: event=subscription data.price>0 AND data.endDate>0 | convert num(data.startDate) num(data.endDate) | eval j = (data.endDate - data.startDate) Results in Error in 'eval' command: Typechecking failed. '-' only takes numbers

try 3: event=subscription data.price>0 AND data.endDate>0 | convert num(data.startDate) num(data.endDate) | table data.endDate data.startDate Has two columns of data and looks great.

data.endDate data.startDate

1397636176441 1397483257122

1397161336056 1397161260357

I would like to subtract data.endDate from data.startDate. 139763617641 - 1397483257122 =

I always get the error, Error in 'eval' command: Typechecking failed. '-' only takes numbers, for try 1 and try2. I thought it had to do with the data being a string and that is why I tried to convert (the second try). I tabled (try 3) and get output.

Thank you for your help.

Tags (3)
0 Karma
Reply

alai
Explorer
‎09-09-2020 05:57 AM

Use single quotes:

eval result = 'data.endDate' - 'data.startDate'

 

0 Karma
Reply

HiroshiSatoh
Champion
‎04-24-2014 10:23 PM

Use the period to become errors.Changed field names?

・・・・・|eval data_endDate = data.endDate|eval data_startDate = data.startDate|eval rr=data_endDate- data_startDate
0 Karma
Reply

raytroy
New Member
‎04-25-2014 10:02 AM

I think I have solved the problem. The data.endDate was one level deep in the tree and the . was the only way to access the information inside those columns. Once I moved the data to the outer most tree level it worked. Lesson learned, make all the data on one level and don't embed object or events inside another event/dataset. Thank you for your help.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...