Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Round problem

lukasz92
Communicator
‎11-28-2014 04:26 AM

When I enter this query:

index=_internal | head 100 | eval time1=round(_time,0) | eval time2=round(_time,-3) | eval time3=round(_time,-2) | eval time4=round(_time,-1) | eval time5=round(987987778768,-4) | table time1,time2,time3,time4,time5

I get -nan in columns when second parameter of round function is less than -2.
When -2 , everything is rounded to the -2 place after the dot (it equals second place beforce the dot)

Could you explain why?
Is this bug or a feature? 🙂

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-28-2014 03:19 PM

To get around the syntax ugliness you can define a macro round(2) with arguments $x$,$y$ as (round($x$*pow(10,$y$))/pow(10,$y$)) and call that like this:

... | eval time2 = `round(_time, -3)` | ...

View solution in original post

0 Karma
Reply
Solved! Jump to solution

lukasz92
Communicator
‎12-01-2014 03:23 AM

Solution works, but I think this is a faulty function.
Could I trust "pow", or there are another crazy limitations I don't know? 😕

It is not documented what the second parameter should look like,
@richgalloway comment should definetly appear in the official documentation.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎12-01-2014 04:05 AM

I disagree with that interpretation. The documentation states:

This function takes one or two numeric arguments X and Y, returning X rounded to the amount of decimal places specified by Y.

It makes no sense in this context to mention negative integers at all.

0 Karma
Reply
Solved! Jump to solution

lukasz92
Communicator
‎12-01-2014 04:23 AM

Shouldn't args be tested for invalid values?

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-28-2014 03:19 PM

To get around the syntax ugliness you can define a macro round(2) with arguments $x$,$y$ as (round($x$*pow(10,$y$))/pow(10,$y$)) and call that like this:

... | eval time2 = `round(_time, -3)` | ...
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-28-2014 06:06 AM

The documentation for the round() function does not mention use of negative values for the second argument. Based on that and your experience, I conclude they are not supported.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎11-28-2014 05:03 AM

What's the idea with supplying a negative integer there at all?

0 Karma
Reply
Solved! Jump to solution

lukasz92
Communicator
‎11-28-2014 05:42 AM

negative integer after a dot = positive integer before a dot - isn't it logic?
I want to round a number to thousands (1345 -> 1000 ; 1501 -> 2000).
Syntax round(1345/1000,0)*1000 is uglier

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...