11-01-2017 07:11 PM
I am writing to ask why is there a decimal point in the csv file when exporting a report? In my report, each entry is 10 minute apart.
Is there a way to definitely get the fixed number of hits?
11-09-2017 06:25 PM
It's just a matter of rounding the output. Here is a search that rounds up to a whole number.
index=ib_dns_summary report=si_dns_query_reply (MEMBER="*") ( TYPE="*" ) | stats sum(COUNT) as QCOUNT by _time, TYPE | eval QCOUNT= round(QCOUNT/10) | timechart bins=1000 avg(QCOUNT) by TYPE | interpolate 1200 | rename _time as Time | eval Time=strftime(Time, "%Y-%m-%d %H:%M:%S %Z")