Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

When using "stats max ()", why is the result truncated?

yutaka1005
Builder
‎02-28-2019 08:20 PM

My environment:
Splunk 7.2.3

When I do the following search, the result is truncated.

search-1

| makeresults count=1
| eval num="123456789123456789123456789" 
| stats max(num)

result-1

max(num)
123456789123456790000000000

search-2

| makeresults count=2 
| eval num="123456789123456789123456789" 
| eval num2=num+num

result-2

num2
246913578246913580000000000

How can I avoid this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎02-28-2019 10:28 PM

You cannot. You must ask Splunk for a new feature by filing a P0 support case which is how they handle Enhancement Requests. Do not get your hopes up. The problem is that Splunk (and, to be fair, many, many other software tools) have a smaller than expected mantissa. See here for some background:
https://en.wikipedia.org/wiki/Significant_figures

P.S. We sometimes joke mockingly about this, and other similar quirks as #SplunkMath.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎02-28-2019 10:28 PM

You cannot. You must ask Splunk for a new feature by filing a P0 support case which is how they handle Enhancement Requests. Do not get your hopes up. The problem is that Splunk (and, to be fair, many, many other software tools) have a smaller than expected mantissa. See here for some background:
https://en.wikipedia.org/wiki/Significant_figures

P.S. We sometimes joke mockingly about this, and other similar quirks as #SplunkMath.

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎03-03-2019 05:00 PM

Thank you for Answer.

I hope that this limit value will be expanded someday...
For now, I will consider another way to calculate.

0 Karma
Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎02-28-2019 09:13 PM

扱える数値に上限があるってことだよね?
eval num="123456789123456789123456789"
これは文字列として代入しているから値が入るけど
eval num=123456789123456789123456789
数値として入れたら値はおかしくなる。MAXだからというわけではない。

そういうものとして扱うしかないんじゃないかと思う。

Cのlong型(x64)のサイズもダメみたいなので制限値はよくわからないですね。
LONG_MAX 9223372036854775807 long 最大値
LONG_MIN -9223372036854775808 long 最小値

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎02-28-2019 09:23 PM

確かにダブルクオートで囲まないと、そもそも切り捨てられちゃいますね…。

数値型のデータに関して、限界桁数みたいなものがあるのか

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...