Solved: Is it possible to round up average, max, and min v...

bidahor13 · ‎08-17-2015

Is there a way to round up the average, max and min values to 2 decimal places - without disrupting the sparkline display format?

Here is my SPL :

....| transaction maxspan=4h counter  by host | stats  sparkline(avg(Value),30m) AS Trend_Processor_time avg(Value) AS AVG  min(Value) AS MIN  max(Value) AS MAX by host

Gilberto_Castil · ‎08-17-2015

You could use an eval statement to and the round function to accomplish this. For example, you can try this search:

index="_internal" sourcetype=splunkd  eps="*" 
| stats sparkline(avg(eps),30m) AS trend_eps avg(eps) AS AVG min(eps) AS MIN max(eps) AS MAX by group 
| eval AVG=round(AVG,2) 
| eval MIN=round(MIN,2) 
| eval MAX=round(MAX,2)

--
This will produce the following:

What you cannot do is reassign the value of the trend_eps results after the stats statement.

The eval functions are documented here.

View solution in original post

Gilberto_Castil · ‎08-17-2015

You could use an eval statement to and the round function to accomplish this. For example, you can try this search:

index="_internal" sourcetype=splunkd  eps="*" 
| stats sparkline(avg(eps),30m) AS trend_eps avg(eps) AS AVG min(eps) AS MIN max(eps) AS MAX by group 
| eval AVG=round(AVG,2) 
| eval MIN=round(MIN,2) 
| eval MAX=round(MAX,2)

--
This will produce the following:

What you cannot do is reassign the value of the trend_eps results after the stats statement.

The eval functions are documented here.

bidahor13 · ‎08-17-2015

Nice!! Thanks for the feedback.

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor