The num operator converts a field to a floating point number. Using num in a query is useful for sorting results by number instead of alphabetically, which is the default.
You can also use toDouble as the operator, as an alias equivalent, if you are more used to working with that format.
- The value of the field must be a negative/positive integer or a real number. For example, 500, 123234820932, or 352.748.
Use this query to use num to search for Scheduled Searches, and sort them by the time it took each search to execute in seconds. Without the conversion, the results would be sorted in alphabetical order.
_sourceCategory=concierge completed execution
| parse "Execution duration: * s" as duration
| num(duration) | sort by duration
This query produces results like this: