Splunk Search

How to shorten the numeric values for a field to only 2 decimals?

Here is my search fields + host,lastTime,dayDiff | eval c_time=strftime(log_time,"%m/%d/%y %H:%M:%S")
I'm trying to shorten daydiff to only 2 decimals. I've tried all the other answers and nothing seems to work.

0 Karma


Like this eval daydiff=round(daydiff, 2) before you do the strftime

My whole search is:

| `host_eventcount(30,2)` | search is_expected=true | `ctime(lastTime)`  | fields + host,lastTime,dayDiff  |rename host AS "Hostname", lastTime AS "Last Time Seen" , dayDiff AS "Days Not Seen" | eval c_time=strftime(log_time,"%m/%d/%y %H:%M:%S") 

Anyway to make this more efficient?

0 Karma