- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I run a search such as the following:
sourcetype=access_combined action=purchase | stats sum(price) as Price by product_name, productId | eval revenue="$"+tostring(Price) | fields - Price
the revenue field calculates correctly. If I structure a bit differently:
sourcetype=access_combined action=purchase | stats sum(price) as Price by product_name, productId | fieldformat revenue="$"+tostring(Price) | fields - Price
revenue does not calculate correctly ($Null), it appears that downstream operations do not work with fieldformat?
Let me know, thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you eval, revenue actually gets set to $ + whatever the value of "Price" is, so its safe to remove "Price" from the list of fields.
When you fieldformat, revenue is displayed as $ + the field known as "Price"
You then remove Price, so Price is null (i.e. revenue can not reference Price any more)
You can do fieldformat Price="$".Price instead
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you eval, revenue actually gets set to $ + whatever the value of "Price" is, so its safe to remove "Price" from the list of fields.
When you fieldformat, revenue is displayed as $ + the field known as "Price"
You then remove Price, so Price is null (i.e. revenue can not reference Price any more)
You can do fieldformat Price="$".Price instead
