How to round search result (Miliseconds)?

tobi2k · ‎07-13-2019

Hi There,

with Google I already found numerous forum contributions to this topic - but unfortunately none worked.

I want to round a result (avg_ping in miliseconds) to whole numbers.

I tried that:

index="main" source="ping" | timechart latest(avg_ping) by dest | eval avg_ping = round(avg_ping,0)

But the result is unfortunately still not rounded: 21.535

Help is very welcome!

pgerke_cc · ‎07-14-2019

Think that yould help you?

https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html

have to set "eval avg_ping=round(avg_ping,0)" to "eval avg_ping=round(avg_ping,2)"

vbumgarner · ‎07-13-2019

Add as “as avg_ping” to your time chart command, or reference the results as 'latest(avg_ping)'

timechart latest(avg_ping) as avg_ping

or

'latest(avg_ping)' = round('latest(avg_ping)',0)

tobi2k · ‎07-13-2019

Thank you for your answer.

The query

index="main" source="ping" | timechart latest(avg_ping) by dest

results in:

_time   server1.net server2.net server3.net
2019-07-12 17:00:00 33.948  65.14   19.13
2019-07-12 17:30:00 22.779  51.48   21.58
2019-07-12 18:00:00 20.194  69.65   17.91

Its not clear for me how to address the field name for rounding.

HiroshiSatoh · ‎07-13-2019

Please look at my answer.

HiroshiSatoh · ‎07-13-2019

avg_ping does not exist. Please check the field name in the result of avg_ping.

 index="main" source="ping" | timechart latest(avg_ping) by dest

It is easy if you do it first.

 index="main" source="ping" |eval avg_ping=round(avg_ping,0)
| timechart latest(avg_ping) by dest

How to round search result (Miliseconds)?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk