Splunk Search

How to take precision of decimal point for a particular field?

microsac
Explorer

Hello experts,

I Just want my field `snow_os_version`  to be up to 2 decimal points like the first entry should only be  `3.10`, How to achieve that.

microsac_0-1648557195397.png

 

Tags (2)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @microsac,

it depends on the valuer in SNOW, if you're sure that the format is always "nn.nn", you could use a regex like this:

| rex field=snow_os_version "^(?<snow_os_version>\d+\.(\d|(\d\d)))"

Ciao.

Giuseppe

View solution in original post

microsac
Explorer

Hi @gcusello ..

I tried something similar  rex field=snow_os_version "(?<os_version>\d+\.\d{1})"  but it only upto 1 decimal number like `3.1` i need it to take like `3.10`

0 Karma

somesoni2
Revered Legend

Try like this

Your current search
| eval snow_os_version=replace(snow_os_version,"^(\d+\.\d+).*","\1")

gcusello
SplunkTrust
SplunkTrust

Hi @microsac,

it depends on the valuer in SNOW, if you're sure that the format is always "nn.nn", you could use a regex like this:

| rex field=snow_os_version "^(?<snow_os_version>\d+\.(\d|(\d\d)))"

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...