Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using Eval where

tb5821
Communicator
‎08-09-2013 06:06 AM

I'm doing something wrong here.. . I have the following search

...| eval SuccessRatio =  (round(((succeeded_count)/(task_count)) * 100)). "%" | search SuccessRatio < 98 |  sort SuccessRatio

I'm trying to filter out anything that has a SuccessRatio of greater than 98% but its not working I'm still getting results that have 100% success.

Tags (3)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-09-2013 05:04 PM

because you appended "%" to the number before filtering, making it a string (not a number). SuccessRatio is not a number, it's a string. eval, filter, sort, and then format it:

  ... | eval SuccessRatio = round(100*succeeded_count/task_count) | where SuccessRatio < 98 | sort SuccessRatio | eval SuccessRatio = SuccessRatio . "%"
Reply

davecroto
Splunk Employee
Splunk Employee
‎08-09-2013 08:23 AM

Did you ever get this to work?

0 Karma
Reply

davecroto
Splunk Employee
Splunk Employee
‎08-09-2013 06:41 AM

Test to see if succeeded_count and task count are actually numbers. Other than that, I cannot see why this would not work

0 Karma
Reply

davecroto
Splunk Employee
Splunk Employee
‎08-09-2013 06:22 AM

*|eval succeeded_count=99 |eval task_count=1| eval SuccessRatio = (round(((succeeded_count)/(task_count)) * 100)). "%" | search SuccessRatio < 98 | sort SuccessRatio

vs

*|eval succeeded_count=20 |eval task_count=1| eval SuccessRatio = (round(((succeeded_count)/(task_count)) * 100)). "%" | search SuccessRatio < 98 | sort SuccessRatio

Seems to work for the above

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...