Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can I round to the nearest half with the eval command?

tkwaller_2
Communicator
‎09-18-2018 09:46 AM

Hello,

I have some values that are in the format of : 0, 0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5

I am trying to find that average and only want whole and half numbers so nothing like 1.7 only avg's like 1, 2.5, 4, 3.5 etc.

I thought maybe if I multiplied by 2 and then divided that by the count and then again in half that would work but its not quite right.

|eval tmpscore=(score * 2)
|eval "Maturity Level"=round(((tmpscore/count)/2),1)

"score" being the sum of all the values of a field
Any ideas how I could get this type of rounding to work?

Thanks as always

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 10:33 AM

How about this as a starting point?

| makeresults 
| eval calculated_average_score = 1.74 
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2

View solution in original post

Reply
Solved! Jump to solution
Solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 10:33 AM

How about this as a starting point?

| makeresults 
| eval calculated_average_score = 1.74 
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2
Reply
Solved! Jump to solution

tkwaller_2
Communicator
‎09-18-2018 11:44 AM

I tried this but I still get the same results

|eval tmpscore=(score * 2)
|eval tmpscore=round(tmpscore)
|eval "Maturity Level"=((tmpscore/count)/2)

I still get values like:

1.3333333333333333  
2   
2.1666666666666665
1.5
1.625
3
1.75
1.8
0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:05 PM

Another fuller example this time using the same field names (without count)

| makeresults count=10 
| eval value = (random()%100)/5
| stats avg(value) as score
| eval tmpscore=(score * 2)
| eval tmpscore=round(tmpscore)
| eval "Maturity Level"= tmpscore/2
0 Karma
Reply
Solved! Jump to solution

tkwaller_2
Communicator
‎09-18-2018 12:10 PM

yep, edited again and got the results I was looking for, thanks again!

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:12 PM

No worries, thanks for accepting the answer

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 11:54 AM

Does the SPL this answer provide work? It looks like you've tried to combine it into a single line and not done a like for like conversion. The SPL provided in this answer assumes you are converting an already calculated average (so you don't need count).

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:02 PM

A fuller example with average calculation.

| makeresults count=10 
| eval value = (random()%100)/5
| stats avg(value) as calculated_average_score
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...