Solved: How to implement math calculations?

asarran · ‎08-11-2016

Hey, Fellow Splunkers

I'm curious to know if it's possible to preform math calculations on a set of "refined" data; for example:

Let's say I extracted a field that presents the values of a gigabit into megabit? meaning I have 5 gig it would then be converted into 5120.
so ideally I would like to take an entire field of data and multiple it by 1024? and have that information be presented when I call the field into a table?

intial
5gb
4gb
3gb

output
5120mb
4096mb
3072mb

jkat54 · ‎08-11-2016

Eval is your friend...

  | eval output=initial*1024

Or in this case you'd have to get the number first with Rex

  | rex field=initial "(?<gb>\d+)" | eval output=gb*1024

View solution in original post

jkat54 · ‎08-11-2016

Eval is your friend...

  | eval output=initial*1024

Or in this case you'd have to get the number first with Rex

  | rex field=initial "(?<gb>\d+)" | eval output=gb*1024

asarran · ‎08-15-2016

hey, thx

the answer was correct, however it was off by a bit had to enter another \d +\d for other decimal values.

I greatly appreciate your response,

thank you, asarran

MuS · ‎08-11-2016

Hi asarran,

take a look at the docs about the convert command http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Convert and its option memk().
But to answer your question, math calculation can be made with the eval command http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Eval using the Arithmetic operators.

Hope this helps ...

cheers, MuS

How to implement math calculations?

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI