All Apps and Add-ons

How to round search result (Miliseconds)?

tobi2k
Explorer

Hi There,

with Google I already found numerous forum contributions to this topic - but unfortunately none worked.

I want to round a result (avg_ping in miliseconds) to whole numbers.

I tried that:

index="main" source="ping" | timechart latest(avg_ping) by dest | eval avg_ping = round(avg_ping,0)

But the result is unfortunately still not rounded: 21.535

Help is very welcome!

0 Karma

pgerke_cc
Explorer

Think that yould help you?

https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html

have to set "eval avg_ping=round(avg_ping,0)" to "eval avg_ping=round(avg_ping,2)"

0 Karma

vbumgarner
Contributor

Add as “as avg_ping” to your time chart command, or reference the results as 'latest(avg_ping)'

timechart latest(avg_ping) as avg_ping

or

'latest(avg_ping)' = round('latest(avg_ping)',0)
0 Karma

tobi2k
Explorer

Thank you for your answer.

The query

index="main" source="ping" | timechart latest(avg_ping) by dest 

results in:

_time   server1.net server2.net server3.net
2019-07-12 17:00:00 33.948  65.14   19.13
2019-07-12 17:30:00 22.779  51.48   21.58
2019-07-12 18:00:00 20.194  69.65   17.91

Its not clear for me how to address the field name for rounding.

0 Karma

HiroshiSatoh
Champion

Please look at my answer.

0 Karma

HiroshiSatoh
Champion

avg_ping does not exist. Please check the field name in the result of avg_ping.

 index="main" source="ping" | timechart latest(avg_ping) by dest 

It is easy if you do it first.

 index="main" source="ping" |eval avg_ping=round(avg_ping,0)
| timechart latest(avg_ping) by dest 
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...