Use the none convert function to specify fields to ignore. Convert field values except for values in specified fieldsĬonvert every field value to a number value except for values in the field foo. Use the auto convert function to convert all field values to numeric values. Convert all field values to numeric values
The convert command is a distributable streaming command. You can use a wildcard ( * ) character in the field name. rmunit() Syntax: rmunit() Description: Looks for numbers at the beginning of the value and removes trailing text. rmcomma() Syntax: rmcomma() Description: Removes all commas from value, for example rmcomma(1,000,000.00) returns 1000000.00.
num() Syntax: num() Description: Like auto(), except non-convertible values are removed. none() Syntax: none() Description: In the presence of other wildcards, indicates that the matching fields should not be converted. mstime() Syntax: mstime() Description: Convert a SS.SSS format to seconds. Use timeformat option to specify exact format to convert from. mktime() Syntax: mktime() Description: Convert a human readable time string to an epoch time. The output field is a number expressing quantity of kilobytes. If no letter is specified, kilobytes is assumed. The letter k indicates kilobytes, m indicates megabytes, and g indicates gigabytes. memk() Syntax: memk() Description: Accepts a positive number (integer or float) followed by an optional "k", "m", or "g". dur2sec() Syntax: dur2sec() Description: Convert a duration format "HH:MM:SS" to seconds. Use the timeformat option to specify exact format to convert to. ctime() Syntax: ctime() Description: Convert an epoch time to an ascii human readable time. Note that if not all values of a particular field can be converted using a known conversion type, the field is left untouched and no conversion at all is done for that field. Convert functions auto() Syntax: auto() Description: Automatically convert the fields to a number using the best conversion. The original field and values remain intact. Syntax: Description: Creates a new field with the name you specify to place the converted values into. Note that this default does not conform to the locale settings. For a list and descriptions of format options, see Common time format variables in the Search Reference. The timeformat option is used by ctime and mktime functions. Optional arguments timeformat Syntax: timeformat= Description: Specify the output format for the converted time field. Required arguments Syntax: auto() | ctime() | dur2sec() | memk() | mktime() | mstime() | none() | num() | rmcomma() | rmunit() Description: Functions to use for the conversion. Unless you use the AS clause, the original values are replaced by the new values.Īlternatively, you can use evaluation functions such as strftime(), strptime(), or tonumber() to convert field values.
The convert command converts field values in your search results into numerical values.