
Usage of the Splunk EVAL function ABS is as follows:

This function takes a numeric value as input and returns its absolute value.

Definition:

The absolute value is how far a number is from zero:

“6” is 6 away from zero,
and “−6” is also 6 away from zero.
So the absolute value of 6 is 6,
and the absolute value of −6 is also 6.

So in practice “absolute value” means to remove any negative sign in front of a number, and to think of all numbers as positive (or zero).


Find below the skeleton of the usage of the function “abs” with EVAL:

    ... | eval New_Field=abs(Existing_Numeric_Field)
 
 
 
 index="_internal"
| head 5 
| eval New_Field=-10
| eval Result=abs(New_Field)
| table New_Field,Result
 
Result :
 
 
New_Field Result
-10 10
-10 10
-10 10
-10 10
-10 10
 
 
Explanation:

In the query, “head 5” keeps only the first 5 rows, which is why only 5 rows appear. Every row has New_Field=-10, and “abs” returns its absolute value, i.e., 10 (a positive number).
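A typical place where “abs” matters is a threshold check on a value that can deviate in both directions. The search below is an added example, not part of the original post: the host names, the field sample_offset_sec (a signed clock offset in seconds) and the 300-second threshold are constructed sample values and assumptions.

```spl
| makeresults count=6
| streamstats count AS n
| eval host="host-".n
| eval sample_offset_sec=case(n=1, 2, n=2, -3, n=3, 1, n=4, -420, n=5, 0, n=6, 380)
| eval abs_offset_sec=abs(sample_offset_sec)
| eval without_abs=if(sample_offset_sec > 300, "flagged", "ok")
| eval with_abs=if(abs_offset_sec > 300, "flagged", "ok")
| table host, sample_offset_sec, abs_offset_sec, without_abs, with_abs
```

Comparing the signed value directly flags only host-6 (380); comparing the “abs” result also flags host-4 (-420), which is just as far from zero in the other direction.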
 
 
 
Now you can effectively utilize the “abs” function with the “eval” command to meet your requirement!!
Hope you are now comfortable with: Usage of Splunk EVAL Function: ABS
HAPPY SPLUNKING!!
 



Passionate content developer dedicated to producing result-oriented content, a specialist in technical and marketing niche writing!! Splunk Geek is a professional content writer with 6 years of experience and has been working for businesses of all types and sizes. It believes in offering insightful, educational, and valuable content and it's work reflects that.
