Usage of Splunk EVAL Function : ABS is as follows :
This Function takes the “Numeric Value” as an Input and returns its Absolute Value.
How far a number is from zero : –
“6” is 6 away from zero,
and “−6” is also 6 away from zero.
So the absolute value of 6 is 6,
and the absolute value of −6 is also 6
So in practice “absolute value” means to remove any
negative sign in front of a number, and to think of all
numbers as positive (or zero).
index="_internal" | head 5 | eval New_Field=-10 | eval Result=abs(New_Field) | table New_Field,Result