Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to round the average in stats statement?

balash1979
Path Finder
‎08-30-2019 10:30 PM

Here is what i have 

index="docker" (env = region1 OR env = region2)  "job-time" |eval time_in_mins = ('time')/(1000*60)  | stats avg(time_in_mins) as Time by env

How can I round the average to 2 decimals and then show by env ? Tried this but doesnt work
stats eval(round(avg(time_in_mins),2)) as Time by env

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-31-2019 04:08 PM

Add this after your stats:
|eval Time = round(Time,2)

------------
Hope I was able to help you. If so, some karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-31-2019 04:08 PM

Add this after your stats:
|eval Time = round(Time,2)

------------
Hope I was able to help you. If so, some karma would be appreciated.
Reply
Solved! Jump to solution

tscroggins
Influencer
‎09-01-2019 08:21 AM

This. You don't want to lose precision by rounding before the aggregation. You may also want to look at sigfig, various rounding modes, and the settings and capabilities of floating point math on your architecture, all depending on your use cases.

0 Karma
Reply
Solved! Jump to solution

diogofgm
SplunkTrust
SplunkTrust
‎09-01-2019 02:18 PM

?? Who is rounding before aggregation? I wrote to use the eval after the aggregation...

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

tscroggins
Influencer
‎09-01-2019 04:14 PM

The original poster. "This" was shorthand for agreeing with you.

Reply
Solved! Jump to solution

Sukisen1981
Champion
‎08-31-2019 12:12 AM 
|  stats  avg(eval(round(time_in_mins,2))) as Time by env
0 Karma
Reply
Solved! Jump to solution

balash1979
Path Finder
‎08-31-2019 03:54 PM

The above doesnt work. I still get the answer with lot of digits after the decimal. It is not rounding.

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎09-01-2019 01:38 AM

hi @balash1979
You have to do what @diogofgm suggests,
This - |stats eval(round(avg(time_in_mins),2)) as Time by env will give you a splunk error, since round is not a function like max, or avg
This - | stats avg(eval(round(time_in_mins,2))) as Time by env will not remove decimals as you rightly pointed out. Even though the round works, in the last instance we again do an avg of the round, so this becomes something like say avg(10) by XXXX
And that won't be a round/whole number

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...