Splunk Search
Highlighted

How to convert scientific notation to decimal?

Communicator

We log several values in scientific notation and wanted to know if anybody has used Splunk to convert these values to decimals.

Highlighted

Re: How to convert scientific notation to decimal?

Legend

It's a bit of a pain, and I haven't fully tested it, but try this

your-search-here | eval parts = split(input,"E") | eval part1 = tonumber(mvindex(parts,0)) | eval part2 = tonumber(mvindex(parts,1)) | eval dec = exact((part1) * pow(10,part2)) | fields - parts part1 part2

Substitute the name of your field for input in the search, and the resulting number number will be found in the dec field.

Now, I don't think that you want to type this in every time! So, create a macro. Here's how in the manual Create and Use Search Macros

Put the following into the macro definition:

eval parts = split($input$,"E") | eval part1 = tonumber(mvindex(parts,0)) | eval part2 = tonumber(mvindex(parts,1)) | eval $dec$ = exact((part1) * pow(10,part2)) | fields - parts part1 part2

Notice that I've modified the string slightly so that it becomes a macro with two arguments:

input - the name of the field that contains the string (the number in scientific notation

dec - the name of the field that will contain the resulting decimal number

If you name the macro convert, then you can use it like this

your-search-here | `convert(sciNum,decNum)` | table sciNum, decNum

Note the use of the back-quote, not the single quote, around the macro. In the example, sciNum must be the name of your existing field. decNum will be created if it does not already exist.

Highlighted

Re: How to convert scientific notation to decimal?

Splunk Employee
Splunk Employee

tonumber() call works now in 6.x

... | eval sci_no="7.6e+02" | eval result=tonumber(sci_no) 

yields result of 760

View solution in original post