Percentage not showing on Timechart correctly

luckyman80 · ‎02-01-2019

Hi Splunk Experts,
I'm doing a calculation and adding to timechart like so

eval Thread4 = (avg4 * total_events * 100) / 300000000000
|timechart span=5m limit=0 max(Thread1), max(Thread2), max(Thread3), max(Thread4) by instance

When I look at what should be 38.87836045 when i look in timechart it shows as 3,887,836045. Its also set the Axis on the left side to 4.000 ... Any easy way to change this so its just * 100 ?

Thanks in advance

woodcock · ‎02-01-2019

It is very unclear what you need but are you aware that there is an avg function that you can use in timechart, instead of max?

mayurr98 · ‎02-01-2019

I did not understand what are you trying to say. can you put the entire search query in 101010 sample code. also let me know what is the o/p of eval command and what you are trying to achieve.

luckyman80 · ‎02-01-2019

Identifier sourcetype="my-logs"  source="/var/tmp/myprocess"  | rex field=source "process(?.*?)_"
| rex "(?s)Evt:1.*\n.*identifier.*Avg:\s*(?\d+)ns;\s*Median:\s*(?\d+)ns;\s*Max:\s*(?\d+)ns;\s*Total Events:\s*(?\d+);\s*Total Items:\s*(?\d+)"| rex field=source "process(?.*?)_" |  eval Thread1 = (avg1 * total_events * 100) / 300000000000
|timechart span=5m limit=0 max(Thread1) by instance

like I say it comes out by instead of between 0 - 100 pct the axis show what I mentioned above

Percentage not showing on Timechart correctly

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms