Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to round the average in stats statement?

balash1979
Path Finder
‎08-30-2019 10:30 PM

Here is what i have 

index="docker" (env = region1 OR env = region2)  "job-time" |eval time_in_mins = ('time')/(1000*60)  | stats avg(time_in_mins) as Time by env

How can I round the average to 2 decimals and then show by env ? Tried this but doesnt work
stats eval(round(avg(time_in_mins),2)) as Time by env

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-31-2019 04:08 PM

Add this after your stats:
|eval Time = round(Time,2)

------------
Hope I was able to help you. If so, some karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-31-2019 04:08 PM

Add this after your stats:
|eval Time = round(Time,2)

------------
Hope I was able to help you. If so, some karma would be appreciated.
Reply
Solved! Jump to solution

tscroggins
Champion
‎09-01-2019 08:21 AM

This. You don't want to lose precision by rounding before the aggregation. You may also want to look at sigfig, various rounding modes, and the settings and capabilities of floating point math on your architecture, all depending on your use cases.

0 Karma
Reply
Solved! Jump to solution

diogofgm
SplunkTrust
SplunkTrust
‎09-01-2019 02:18 PM

?? Who is rounding before aggregation? I wrote to use the eval after the aggregation...

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

tscroggins
Champion
‎09-01-2019 04:14 PM

The original poster. "This" was shorthand for agreeing with you.

Reply
Solved! Jump to solution

Sukisen1981
Champion
‎08-31-2019 12:12 AM 
|  stats  avg(eval(round(time_in_mins,2))) as Time by env
0 Karma
Reply
Solved! Jump to solution

balash1979
Path Finder
‎08-31-2019 03:54 PM

The above doesnt work. I still get the answer with lot of digits after the decimal. It is not rounding.

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎09-01-2019 01:38 AM

hi @balash1979
You have to do what @diogofgm suggests,
This - |stats eval(round(avg(time_in_mins),2)) as Time by env will give you a splunk error, since round is not a function like max, or avg
This - | stats avg(eval(round(time_in_mins,2))) as Time by env will not remove decimals as you rightly pointed out. Even though the round works, in the last instance we again do an avg of the round, so this becomes something like say avg(10) by XXXX
And that won't be a round/whole number

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...