Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to convert String values into factor variable?

zacksoft
Contributor
‎04-18-2018 06:18 AM

I have string fields; an example is "URL".

I want it to convert it to numeric / factor variable to perform statistical calculation.

Example:
Field URL contains values like
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Blunk.com/
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Bplunk.com/
https://answers.Cplunk.com/

It should be converted into 1, 2, 2, 1, 2, 2, 3

(All the 1's are same type of string, 2's are same type string, and same goes with 3)

I hope I explain it correctly.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

damien_chillet
Builder
‎04-18-2018 06:45 AM 
 | table <your_field>
 | sort <your_field>
 | streamstats dc(<your_field>) as num

Where is the field containing url

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

damien_chillet
Builder
‎04-18-2018 06:45 AM 
 | table <your_field>
 | sort <your_field>
 | streamstats dc(<your_field>) as num

Where is the field containing url

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-18-2018 06:40 AM

Why would you need to convert the URL to a numeric value to be able to perform statistical calculations?

0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎04-18-2018 06:42 AM

I want to know how many times that specific http request is requested and what were the corresponding response times for all those requests ... and some similar other calculation.

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-18-2018 07:08 AM

But that can simply be done by | stats count by url right? No need to convert it to a number first.

0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎04-18-2018 07:38 AM

Thanks Frank. Your suggestion serves the purpose. In @damien_chillet 's suggestion I am able to see the urls and I can add another value next to it , like response time.

Example : If xxx.yyy.zzz is called 4 times , then how much time it took to respond in all those four calls separately. I am able to see it easily.

0 Karma
Reply
Solved! Jump to solution

damien_chillet
Builder
‎04-18-2018 06:30 AM

Not sure that will work with your use case, but could you try add the following to your search

| sort <your_field>
| streamstats dc(<your_field>) as num
0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎04-18-2018 07:11 AM

@damien_chillet
As it appears, You Sir have solved my problem.

0 Karma
Reply
Solved! Jump to solution

damien_chillet
Builder
‎04-18-2018 07:14 AM

Glad it worked!
I have converted my comment as an answer.
Could you please accept it to close the question?

0 Karma
Reply
Solved! Jump to solution

damien_chillet
Builder
‎04-18-2018 07:17 AM

Note: you might want to look at @FrankVI comments, you may well be able to retrieve stats without converting to numeric in the first place (unless what you wanna do is very specific and original 🙂 )

0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎04-18-2018 06:37 AM

I tried it. Not quite sure what it did. I am hoping to see the result in a table format. Then it would be easy for me to see and verify the result.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...