Solved: Math precision

joebensimo · ‎09-18-2013

I am seeing what appears to be inconsistencies in how Splunk does math in eval statements. Most of the time, it appears to be doing floating point math, but I've encountered a number of cases where it is doing something else.

For example:

Given fields p=8.250 and m=0.2, multiplying the values

| eval i = p*m

gives me a resulting value of 2.0 instead of the expected 1.65.

However, if I add the exact function

| eval i = exact(p*m)

Splunk gives me the expected value of 1.65.

In other cases, Splunk appears to be doing floating point multiplication and division without me explicitly using the exact() function.

While rounding up 1.65 to 2.0 isn't a big difference, this creates a huge error when integer math results of many events are summed.

The documentation says:

exact(X) This function evaluates an
expression X using double precision
floating point arithmetic.

So, my questions:

How does Splunk do math when the exact() function is not used? Why do I sometimes get integer results instead of accurate floating point results and other times get floating point result values?

Is the lack of precision documented anywhere other than the one-line description of the exact() function? If it is, I've not yet been able to find it. It seems to me that it is a huge deal to not do floating point math on real numbers without making it abundantly clear that the results are not exact.

gkanapathy · ‎09-18-2013

When you run eval, the final result is rounded to a precision appropriate to the precision of the input results. The precision of the final result can be no greater than the precision of the least-precise input. Note that you will get results expressed differently if you do 8.250 * 0.2 vs 8.250 * 0.20 vs 8.250 * 0.200. This can be problem if by 0.2, you actually mean 0.2 to an arbitrary number of digits of precision. If that is what you mean, then you can express that by using exact(0.2) instead of 0.2.

View solution in original post

gkanapathy · ‎09-18-2013

When you run eval, the final result is rounded to a precision appropriate to the precision of the input results. The precision of the final result can be no greater than the precision of the least-precise input. Note that you will get results expressed differently if you do 8.250 * 0.2 vs 8.250 * 0.20 vs 8.250 * 0.200. This can be problem if by 0.2, you actually mean 0.2 to an arbitrary number of digits of precision. If that is what you mean, then you can express that by using exact(0.2) instead of 0.2.

joebensimo · ‎09-18-2013

This seems to explain what I am seeing with multiplication. I just did some additional tests with a variety of precisions. It appears Splunk is using digits of precision and not digits after the decimal point. It doesn't matter where the decimal point is located.

However, for division, I seem to get more digits of precision than any of the input values -- which is probably what I want it to do.

Thanks!

Math precision

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Data Management Digest – May 2026

Index This | What is feather-light but cannot be held long?

.conf26 Registration is Live: Secure Your Early Bird Pass Now

Join the Conversation