Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I round to the nearest half with the eval command?

tkwaller_2
Communicator
‎09-18-2018 09:46 AM

Hello,

I have some values that are in the format of : 0, 0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5

I am trying to find that average and only want whole and half numbers so nothing like 1.7 only avg's like 1, 2.5, 4, 3.5 etc.

I thought maybe if I multiplied by 2 and then divided that by the count and then again in half that would work but its not quite right.

|eval tmpscore=(score * 2)
|eval "Maturity Level"=round(((tmpscore/count)/2),1)

"score" being the sum of all the values of a field
Any ideas how I could get this type of rounding to work?

Thanks as always

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 10:33 AM

How about this as a starting point?

| makeresults 
| eval calculated_average_score = 1.74 
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2

View solution in original post

Reply
Solved! Jump to solution
Solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 10:33 AM

How about this as a starting point?

| makeresults 
| eval calculated_average_score = 1.74 
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2
Reply
Solved! Jump to solution

tkwaller_2
Communicator
‎09-18-2018 11:44 AM

I tried this but I still get the same results

|eval tmpscore=(score * 2)
|eval tmpscore=round(tmpscore)
|eval "Maturity Level"=((tmpscore/count)/2)

I still get values like:

1.3333333333333333  
2   
2.1666666666666665
1.5
1.625
3
1.75
1.8
0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:05 PM

Another fuller example this time using the same field names (without count)

| makeresults count=10 
| eval value = (random()%100)/5
| stats avg(value) as score
| eval tmpscore=(score * 2)
| eval tmpscore=round(tmpscore)
| eval "Maturity Level"= tmpscore/2
0 Karma
Reply
Solved! Jump to solution

tkwaller_2
Communicator
‎09-18-2018 12:10 PM

yep, edited again and got the results I was looking for, thanks again!

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:12 PM

No worries, thanks for accepting the answer

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 11:54 AM

Does the SPL this answer provide work? It looks like you've tried to combine it into a single line and not done a like for like conversion. The SPL provided in this answer assumes you are converting an already calculated average (so you don't need count).

0 Karma
Reply
Solved! Jump to solution

msivill_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 12:02 PM

A fuller example with average calculation.

| makeresults count=10 
| eval value = (random()%100)/5
| stats avg(value) as calculated_average_score
| eval tmp_score = calculated_average_score*2 
| eval round_tmp_score = round(tmp_score) 
| eval final_round_calculated_average_score = round_tmp_score / 2
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...