Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk query to add commas on calculated fields by date

Mathanjey
Explorer
‎01-05-2017 01:43 PM

Can you help suggesting options to add commas to the calculated fields

Example : chart count as TotalCnt, people OVER Date BY name

I wanted to display something that will show the count of number separated by comma's (thousand)

Tags (1)
0 Karma
Reply

gokadroid
Motivator
‎01-05-2017 02:08 PM

If all you are doing is add commas to the existing field then try fieldformat rather than eval which will preserve the format in case the sorting might be needed on the field later on.
So eval command | eval TotalCnt =tostring(TotalCnt, "commas")
changes to | fieldformat TotalCnt =tostring(TotalCnt, "commas")

0 Karma
Reply

Mathanjey
Explorer
‎01-05-2017 02:04 PM

Thanks the eval TotalCnt =tostring(TotalCnt, "commas") didn't work for me, also i tried fieldformat MsgCnt=tostring(MsgCnt,"commas") which didn't work. I believe OVER Date BY may be a stopping factor.

0 Karma
Reply

MonkeyK
Builder
‎01-05-2017 02:28 PM

You are right. I'm sorry, I don't know the answer to this. I found some similar questions from years ago that never found a way to get it done.

0 Karma
Reply

MonkeyK
Builder
‎01-05-2017 01:58 PM

try

chart count as TotalCnt, people OVER Date BY name | eval TotalCnt =tostring(TotalCnt, "commas")

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...