Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

bidahor13
Path Finder
‎08-17-2015 09:16 AM

Is there a way to round up the average, max and min values to 2 decimal places - without disrupting the sparkline display format?

Here is my SPL :

....| transaction maxspan=4h counter  by host | stats  sparkline(avg(Value),30m) AS Trend_Processor_time avg(Value) AS AVG  min(Value) AS MIN  max(Value) AS MAX by host
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Gilberto_Castil
Splunk Employee
Splunk Employee
‎08-17-2015 11:14 AM

You could use an eval statement to and the round function to accomplish this. For example, you can try this search:

index="_internal" sourcetype=splunkd  eps="*" 
| stats sparkline(avg(eps),30m) AS trend_eps avg(eps) AS AVG min(eps) AS MIN max(eps) AS MAX by group 
| eval AVG=round(AVG,2) 
| eval MIN=round(MIN,2) 
| eval MAX=round(MAX,2)

--
This will produce the following:

alt text

What you cannot do is reassign the value of the trend_eps results after the stats statement.

The eval functions are documented here.

View solution in original post

Preview file
92 KB
Reply
Solved! Jump to solution
Solution

Gilberto_Castil
Splunk Employee
Splunk Employee
‎08-17-2015 11:14 AM

You could use an eval statement to and the round function to accomplish this. For example, you can try this search:

index="_internal" sourcetype=splunkd  eps="*" 
| stats sparkline(avg(eps),30m) AS trend_eps avg(eps) AS AVG min(eps) AS MIN max(eps) AS MAX by group 
| eval AVG=round(AVG,2) 
| eval MIN=round(MIN,2) 
| eval MAX=round(MAX,2)

--
This will produce the following:

alt text

What you cannot do is reassign the value of the trend_eps results after the stats statement.

The eval functions are documented here.

Preview file
92 KB
Reply
Solved! Jump to solution

bidahor13
Path Finder
‎08-17-2015 11:28 AM

Nice!! Thanks for the feedback.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...