Solved: How to convert bytes to megabytes for use in my ti...

sundaresh83 · ‎03-31-2015

Hi,

I am writing a search:

timechart span=1h sum(Bytes) AS "MBytes "

In the same search, I want it to return Mb instead of bytes ie. bytes/1000000.
So I tried:

stats sum(eval in_mB =Bytes/1000000) as "MBytes"

But just eval in_mB =Bytes/1000000 works. Can I store this as a column for future use instead of rewriting it? How do I do it?

ppablo · ‎03-31-2015

Hi sundaresh83

What if you just do the eval conversion separately before the timechart?

(your base search) | eval in_mB=Bytes/1000000 | timechart span=1h sum(in_mB) as "MBytes"

Patient · ‎03-31-2015

Hi,

Try with:

 | eval megabytes=((bytes/1024)/1024) | timechart sum(megabytes)

Patient · ‎03-31-2015

Hi!

have you tried with the above search query?

Patient · ‎03-31-2015

Thank you for your vote!

sundaresh83 · ‎03-31-2015

works... thanks...

ppablo · ‎03-31-2015

Hi sundaresh83

What if you just do the eval conversion separately before the timechart?

(your base search) | eval in_mB=Bytes/1000000 | timechart span=1h sum(in_mB) as "MBytes"

Patient · ‎03-31-2015

Hi!
Note that 1Mb=1024*1024 Bytes

ppablo · ‎03-31-2015

yup, @Patient's calculation below will be more accurate

sundaresh83 · ‎03-31-2015

@ppablo_splunk
This will work, but I do now want it to return the "in_mB value and the sum value.
I want my query to return only the sum value in MB.

sundaresh83 · ‎03-31-2015

works... thanks..

How to convert bytes to megabytes for use in my timechart search?