How to Round Off Decimal Values with TIMECHART command in Splunk
Hello everyone !! We usually use the timechart command to show the data on time basis. But when we go for taking the average values of any numerical field then sometimes it comes with decimal values. Now we will show you how to round off decimal values with timechart command. Below we have given an image of sample data.
You can round off all the values in the result set very easily. Below we have given the query :
index=_internal sourcetype=splunkd_ui_access NOT method=”HEAD”
| timechart span=1d eval(round(avg(bytes),3)) by method
Result :
Explanation:
In the above query method and bytes are existing field names in _internal index and sourcetype name is splunkd_ui_access . We have taken the average value of bytes field by method field. With the timechart command we have used eval and round function together with avg function to get round off value upto 3 decimal points.
Hope this has helped you in achieving the below requirement without fail :
How to Round Off Decimal Values with TIMECHART command in Splunk
Happy Splunking !!
Hi ,
index=application_gdp_st_secure | where isnum(errorCodes) | timechart eval(round(avg(evaluationTimeMills))) as averageEvaluationTime by errorCodes
i tried to get round of average of the evaluationtime but i get the following error :
Error in ‘timechart’ command: The eval expression has no fields: ’round(avg(evaluationTimeMills))’.
Mazeen,
The offered solution definitely works.
The reason it does not work for you is because you are not specifying how many decimals you need on your round
You need to use it like this
| timechart eval(round(avg(evaluationTimeMills),2))
The above example is for 2 decimal.
If you need no decimals use a 0