How to truncate/round off decimals when searching

Release date: 2019-08-06
Last updated: 2023-12-01
Version: Splunk Enterprise 9.1.0
Overview
The eval command can truncate or round off the decimal part of a number. Use it when rounding down or rounding off statistical results or numbers in logs. To truncate, use the floor function of the eval command; to round off, use the round function.
Reference information
Content

How to truncate decimal places

  • Function to use
    floor()
  • How to use
    ...| eval <field name to put result>=floor(<number or field name to truncate>)

    Example:
    ...| eval n=floor(1.9)
    * "1" is returned for n.

    ...| eval XXX=floor(AAA)
    * If the value of the AAA field is "1.9", "1" is returned in the XXX field.

How to round decimal places

  • Function to use
    round()
  • How to use
    ...| eval <field name to put result>=round(<number or field name to round off>)
    or
    ...| eval <field name to put result>=round(<number or field name to round off>, <number of decimal places>)

    Example:
    ...| eval n=round(3.5)
    * "4" is returned for n.

    ...| eval n=round(2.555, 2)
    * "2.56" is returned for n.

    ...| eval XXX=round(AAA, 2)
    * If the value of the AAA field is "2.555", "2.56" is returned in the XXX field.
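
The following search is an added example, not part of the original page: it generates constructed sample values with makeresults and applies floor() and round() side by side so the results can be compared in one table without needing any indexed data. The field names truncated, rounded and rounded_2dp and the sample values (including the negative one) are assumptions chosen for illustration.

```spl
| makeresults
| eval AAA=split("1.9,2.555,3.5,0.4,-1.9", ",")
| mvexpand AAA
| eval AAA=tonumber(AAA)
| eval truncated=floor(AAA),
       rounded=round(AAA),
       rounded_2dp=round(AAA, 2)
| table AAA truncated rounded rounded_2dp
```

The -1.9 row shows that floor() rounds down to the next lower whole number rather than simply dropping the decimals, which matters when a field can be negative.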

That's all.