Help with eval division calculation

splunkuseradmin · ‎07-22-2019

Hey all,

I need an eval expression for the below output:

_time minutes bminutes
2019-06-01 1349511.54 105472800
2019-06-08 1498691.33 105472800
2019-06-15 1447368.29 105472800
2019-06-22 1379824.64 105472800

It is by every week so I need an eval expression from which I can divide every row of minutes by bminutes by time.

Expected results:

_time minutes bminutes result
2019-06-01 1349511.54 105472800 1.279
2019-06-08 1498691.33 105472800 1.420
2019-06-15 1447368.29 105472800 1.372
2019-06-22 1379824.64 105472800 1.308

woodcock · ‎07-27-2019

You just spelled your field wrong (using m instead of M in the bizMinutes field); see the last line in this working run-anywhere example:

| makeresults 
| eval raw="time=2019-06-01,minutes=1349511.54,bizMinutes=105472800 time=2019-06-08,minutes=1498691.33,bizMinutes=105472800 time=2019-06-15,minutes=1447368.29,bizMinutes=105472800 time=2019-06-22,minutes=1379824.64,bizMinutes=105472800" 
| makemv raw 
| mvexpand raw 
| rename raw AS _raw 
| kv 
| eval _time = strptime(time, "%Y-%m-%d") 
| fields - time 
| eval result = round(100 * minutes / bizMinutes)

ayush1906 · ‎07-23-2019

| eval result=round(100*minutes/bizMinutes,3)

this will give you 3 trailing digits after decimal

nabeel652 · ‎07-22-2019

I'm afraid I couldn't understand properly what your exact requirement is 🙂
However, this gives your desired output with a slight change

| makeresults | fields - _time | eval data="2019-06-01 1349511.54 105472800|2019-06-08 1498691.33 105472800|2019-06-15 1447368.29 105472800|2019-06-22 1379824.64 105472800" | makemv delim="|" data | mvexpand data | rex field=data "^(?<_time>[^\s]*)\s(?<minutes>[^\s]*)\s(?<bizMinutes>[^\s]*)$" | table _time, minutes, bizMinutes | eval result=round(100*minutes/bizMinutes,3)

Help with eval division calculation

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success