Splunk Search

How to convert scientific notation to decimal?

kbecker
Communicator

We log several values in scientific notation and wanted to know if anybody has used Splunk to convert these values to decimals.

1 Solution

tchen_splunk
Splunk Employee
Splunk Employee

tonumber() call works now in 6.x

... | eval sci_no="7.6e+02" | eval result=tonumber(sci_no) 

yields result of 760

View solution in original post

tchen_splunk
Splunk Employee
Splunk Employee

tonumber() call works now in 6.x

... | eval sci_no="7.6e+02" | eval result=tonumber(sci_no) 

yields result of 760

lguinn2
Legend

It's a bit of a pain, and I haven't fully tested it, but try this

your-search-here | eval parts = split(input,"E") | eval part1 = tonumber(mvindex(parts,0)) | eval part2 = tonumber(mvindex(parts,1)) | eval dec = exact((part1) * pow(10,part2)) | fields - parts part1 part2

Substitute the name of your field for input in the search, and the resulting number number will be found in the dec field.

Now, I don't think that you want to type this in every time! So, create a macro. Here's how in the manual Create and Use Search Macros

Put the following into the macro definition:

eval parts = split($input$,"E") | eval part1 = tonumber(mvindex(parts,0)) | eval part2 = tonumber(mvindex(parts,1)) | eval $dec$ = exact((part1) * pow(10,part2)) | fields - parts part1 part2

Notice that I've modified the string slightly so that it becomes a macro with two arguments:

input - the name of the field that contains the string (the number in scientific notation

dec - the name of the field that will contain the resulting decimal number

If you name the macro convert, then you can use it like this

your-search-here | `convert(sciNum,decNum)` | table sciNum, decNum

Note the use of the back-quote, not the single quote, around the macro. In the example, sciNum must be the name of your existing field. decNum will be created if it does not already exist.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...