theperfectleft.blogg.se

Splunk eval to count instances

Required arguments

field
Syntax:
Description: A destination field name for the resulting calculated value. If the field name already exists in your events, eval overwrites the value.

expression
Syntax:
Description: A combination of values, variables, operators, and functions that will be executed to determine the value to place in your destination field. The syntax of the eval expression is checked before running the search, and an exception is thrown for an invalid expression.
* The result of an eval expression cannot be a Boolean.
* If, at search time, the expression cannot be evaluated successfully for a given event, the eval command erases the resulting field.
* If the expression references a field name that contains non-alphanumeric characters, other than the underscore ( _ ) character, the field name needs to be surrounded by single quotation marks. For example, if the field name is server-1 you specify the field name like this new=count+'server-1'.
* If the expression references a literal string, that string needs to be surrounded by double quotation marks. For example, if the string you want to use is server- you specify the string like this new="server-".host.

The eval command is a distributable streaming command.

You must specify a field name for the results that are returned from your eval command expression. You can specify a name for a new field or for an existing field. If the field name that you specify matches an existing field name, the values in the existing field are replaced by the results of the eval expression.

Numbers and strings can be assigned to fields, while booleans cannot be assigned. However you can convert booleans and nulls to strings using the tostring() function, which can be assigned to fields.

If you are using a search as an argument to the eval command and functions, you cannot use a saved search name; you must pass a literal search string or a field that contains a literal search string (like the 'search' field extracted from index=_audit events).

During calculations, numbers are treated as double-precision floating-point numbers, subject to all the usual behaviors of floating point numbers. If the calculation results in the floating-point special value NaN (Not a Number), it is represented as "nan" in your results. The special values for positive and negative infinity are represented in your results as "inf" and "-inf" respectively. Division by zero results in a null field.

Results are rounded to a precision appropriate to the precision of the input results. The precision of the results can be no greater than the precision of the least-precise input. For example, the following search has different precision for 0.2 in each of the calculations based on the number of zeros following the number 2: If you want to return an arbitrary number of digits of precision, use the exact function, as shown in the last calculation in the search.

There are situations where the results of a calculation contain more digits than can be represented by a floating-point number. In those situations precision might be lost on the least significant digits.










