Solved: Divide a value of microseconds to seconds

dperry · ‎07-15-2014

I have an event that has a value pair called GetMyPortalTime:

698026 [15/Jul/2014:10:47:40 -0700] "GET /wps/myportal HTTP/1.1" 200 254836 TS:1 WAS:tstgpvwp02.octfcu.org:10053 TIME:1312414

The time:1312414 is microseconds. When I run the following:
index=web_logging sourcetype=web_access| timechart avg(GetMyPortalTime)

the time shows values as:
186631.534483
145745.235474
235465.586456

How do I divide these values by 1000000 to covert it to show seconds? I try the following search:
index=web_logging sourcetype=web_access| timechart avg(GetMyPortalTime/1000000)

but it doesn't like it, any suggestions?

somesoni2 · ‎07-15-2014

Try this

index=web_logging sourcetype=web_access | eval GetMyPortalTime=GetMyPortalTime/1000000| timechart avg(GetMyPortalTime)

View solution in original post

dperry · ‎07-15-2014

my apologies, it is microseconds

martin_mueller · ‎07-15-2014

Are you sure that's in milliseconds? Dividing by 1,000,000 suggests microseconds.

somesoni2 · ‎07-15-2014

Try this

index=web_logging sourcetype=web_access | eval GetMyPortalTime=GetMyPortalTime/1000000| timechart avg(GetMyPortalTime)

dperry · ‎07-15-2014

This worked! Thank you

Divide a value of microseconds to seconds

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel