Solved: Convert a string with percentage sign to a number ...

charanramireddy · ‎10-05-2017

Hello,

I have this query to alert me when percentage_q_full reaches greater than certain number

eval alert=case((PERCENT_Q_FULL>90), "Critical", (PERCENT_Q_FULL>80), "Warning", true(), "N/A")

but all the column values of alert shows as N/A because PERCENT_Q_FULL has values in percentage. These values are being extracted using multikv.

PERCENT_Q_FULL
95.00%
3.12%
5.13%
0.00%
100.00%

How do I convert it so that alert column shows me critical vs warning ?

Thank you.

s2_splunk · ‎10-05-2017

Add | convert rmunit(PERCENT_Q_FULL) before your existing eval to remove the trailing unit character(s).

From the search reference manual:

rmunit()
Syntax: rmunit()
Description: Looks for numbers at the beginning of the value and removes trailing text. You can use wild card characters in the field name.

View solution in original post

s2_splunk · ‎10-05-2017

Add | convert rmunit(PERCENT_Q_FULL) before your existing eval to remove the trailing unit character(s).

From the search reference manual:

rmunit()
Syntax: rmunit()
Description: Looks for numbers at the beginning of the value and removes trailing text. You can use wild card characters in the field name.

charanramireddy · ‎10-05-2017

thank you. This works.

Convert a string with percentage sign to a number so it can be evaluated?

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success

Join Us for Splunk University and Get Your Bootcamp Game On!