Re: How to run round on multiple values?

danielbb · ‎11-12-2019

The following works on one value - | eval devicedowntime2 = round(devicedowntime,4) but not on two or more.

Is there a way to make it work on multiple values?

HiroshiSatoh · ‎11-12-2019

Try this!

(your search)
| streamstats count as key
| mvexpand devicedowntime
| eval devicedowntime2=round(devicedowntime,4)
| stats list(devicedowntime) as devicedowntime,list(devicedowntime2) as devicedowntime2,latest(*) as * by key,_time
| fields - key

mayurr98 · ‎11-12-2019

what do you mean by multiple values?
do you mean multiple fields?

you could use foreach command.

|  foreach <fields names>
    [eval <<FIELD>>=round('<<FIELD>>',4)]

OR if you want to give different names then try this :

|  foreach <fields names>
     [eval <<FIELD>>2=round('<<FIELD>>',4)]

Splunk docs https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Foreach#2._Monitor_license_usage

danielbb · ‎11-12-2019

Sorry, I mean that the field I have, has multiple values.

How to run round on multiple values?

Get Operational Insights Quickly with Natural Language on the Splunk Platform

Stay Connected: Your Guide to August Tech Talks, Office Hours, and Webinars!

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Are you a member of the Splunk Community?

How to run round on multiple values?

Get Operational Insights Quickly with Natural Language on the Splunk Platform

Stay Connected: Your Guide to August Tech Talks, Office Hours, and Webinars!

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...