Wildcard eval to divide multiple values with a con...

batcave · ‎01-31-2013

I have a search which gets timings across many Streets. But these times are in seconds and I want to convert to minutes. Is there a way to wildcard eval all these values?

e.g.

timechart perc95(*Street) AS *Street  -- > values are in seconds

I want something in minutes like this:

e.g.

timechart perc95(*Street)/60 AS *Street  --> Ofcourse this doesnt work but you get the idea I think.

martin_mueller · ‎02-15-2013

Give this a try: http://splunk-base.splunk.com/apps/76026/scale-command

martin_mueller · ‎02-05-2013

My boss has allowed me some time to build a wildcard-capable scaling command 🙂

batcave · ‎02-04-2013

yep true. that's why searching for a way to do it alternatively

martin_mueller · ‎02-03-2013

eval doesn't do wildcards, they get confused with the multiplication sign.

batcave · ‎02-03-2013

anyone have an answer to this? anyone from Splunk?

batcave · ‎02-01-2013

By doing *Street, I can get all timechart of all the fields ending with "Street" for e.g. BrooklynStreet,WestStreet,etc.

martin_mueller · ‎01-31-2013

Just to clarify, there are wildcards hidden in the formatting, right?

timechart perc95(*Street) AS *Street

Wildcard eval to divide multiple values with a constant number like 2

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?

Wildcard eval to divide multiple values with a constant number like 2

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0