Solved: How to convert String values into factor variable?

zacksoft · ‎04-18-2018

I have string fields; an example is "URL".

I want it to convert it to numeric / factor variable to perform statistical calculation.

Example:
Field URL contains values like
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Blunk.com/
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Bplunk.com/
https://answers.Cplunk.com/

It should be converted into 1, 2, 2, 1, 2, 2, 3

(All the 1's are same type of string, 2's are same type string, and same goes with 3)

I hope I explain it correctly.

damien_chillet · ‎04-18-2018

 | table <your_field>
 | sort <your_field>
 | streamstats dc(<your_field>) as num

Where is the field containing url

View solution in original post

damien_chillet · ‎04-18-2018

 | table <your_field>
 | sort <your_field>
 | streamstats dc(<your_field>) as num

Where is the field containing url

FrankVl · ‎04-18-2018

Why would you need to convert the URL to a numeric value to be able to perform statistical calculations?

zacksoft · ‎04-18-2018

I want to know how many times that specific http request is requested and what were the corresponding response times for all those requests ... and some similar other calculation.

FrankVl · ‎04-18-2018

But that can simply be done by | stats count by url right? No need to convert it to a number first.

zacksoft · ‎04-18-2018

Thanks Frank. Your suggestion serves the purpose. In @damien_chillet 's suggestion I am able to see the urls and I can add another value next to it , like response time.

Example : If xxx.yyy.zzz is called 4 times , then how much time it took to respond in all those four calls separately. I am able to see it easily.

damien_chillet · ‎04-18-2018

Not sure that will work with your use case, but could you try add the following to your search

| sort <your_field>
| streamstats dc(<your_field>) as num

zacksoft · ‎04-18-2018

@damien_chillet
As it appears, You Sir have solved my problem.

damien_chillet · ‎04-18-2018

Glad it worked!
I have converted my comment as an answer.
Could you please accept it to close the question?

damien_chillet · ‎04-18-2018

Note: you might want to look at @FrankVI comments, you may well be able to retrieve stats without converting to numeric in the first place (unless what you wanna do is very specific and original 🙂 )

zacksoft · ‎04-18-2018

I tried it. Not quite sure what it did. I am hoping to see the result in a table format. Then it would be easy for me to see and verify the result.

How to convert String values into factor variable?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation