Splunk Search

rounding decmials

dbagdanoff
Explorer

I've tried everthing I've found but for some reason cant round the value for "%_Committed_Bytes_In_Use". different variations of things like | eval %_Committed_Bytes_In_Use=round(value,2) but no luck. someone help this newbie. thanks in advance!

index=perfmon eventtype="perfmon_windows" object="Memory" host=$host$| eval DATETIME=strftime(_time, "%D %H:%M") | sort-%_Committed_Bytes_In_Use | table host %_Committed_Bytes_In_Use DATETIME | dedup host

Tags (1)
0 Karma

arjunpkishore5
Motivator

Have you tried

| eval %_Committed_Bytes_In_Use=round(%_Committed_Bytes_In_Use,2)
0 Karma

dbagdanoff
Explorer

@arjunpkishore5 yes

Error on 'eval' command: The expression is malformed. An unexpected character is reached at '%_Committed_Bytes_In_Use,2)'

I've tried quotation marks, parenthesis in different places. seems the eval command dosent like something in that counter

0 Karma

jpolvino
Builder

Can you please rename your field to Pct_Committed_Bytes_In_Use ? Do this before any operations.

dbagdanoff
Explorer

@jpolvino Nice suggestion! worked like a charm. never even thought to rename first.

jpolvino
Builder

A team effort to solve your problem, nice!

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...