Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can the precision of numerical results be changed in the search?

CarbonCriterium
Path Finder
‎10-06-2020 02:43 PM

Let's say you have the following search:

... | stats sum(eval(sc_bytes/1073741824)) AS Gigabytes BY date

 

The resulting values in the Gigabytes column may have many characters after the decimal point.  In a results table or a dashboard one may format the values with commas or define precision in order to make the information easier to read at a glance.   

Is there a way to change how these values are displayed without changing the underlying information from the search?  

I know the following may be used to convert the values to a string, but is there a way to change the way these values are displayed without changing the number - perhaps you want to store it for later formulas?

... | stats sum(eval(sc_bytes/1073741824)) AS Gigabytes BY date 
| eval Gigabytes=printf("%.4f",Gigabytes)

 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-06-2020 03:04 PM 
... | stats sum(sc_bytes) AS Gigabytes BY date
| fieldformat Gigabytes=Gigabytes/1073741824
Reply

CarbonCriterium
Path Finder
‎10-07-2020 09:23 AM

Thank you for trying to respond, but this doesn't answer the question. 

The closest answer appears to be the tostring function, but it also changes the datatype.  

 

… |stats sum(eval(sc_bytes/1073741824)) AS Gigabytes BY date
| eval Gigabytes = tostring(Gigabytes, "commas")

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-07-2020 09:47 AM

fieldformat changes the way it is displayed without changing its value (which answers at least one of your questions). If you need to combine the division with a round or printf, you could do

| fieldformat Gigabytes=round(Gigabytes/1073741824,3)

or

| fieldformat Gigabytes=printf("%.4f",Gigabytes/1073741824)

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...