Splunk: how to query nested values - splunk-query

I have the log below and I want to get the value of Description under Calling Checklist1003.
How do I do that?
Message type: SBAWF13Info Code: 1001 dec, 3e9 hex
11/21/2019 09:21:53.297 Fault type: Application Severity: Info
11/21/2019 09:21:53.297 Description: This is a resubmission of a case that was underwritten using the
11/21/2019 09:21:53.297 UW_10.30 KB engine
11/21/2019 09:21:53.297
11/21/2019 09:21:53.297 UWROUTER service will be used for underwriting
11/21/2019 09:21:53.297 ----------------------------------------------------------------
11/21/2019 09:21:53.297 Message type: SBAWF13Info Code: 1001 dec, 3e9 hex
11/21/2019 09:21:53.297 Fault type: Application Severity: Info
11/21/2019 09:21:53.297 Description: This case will be underwritten using UWROUTER 1.0
11/21/2019 09:21:53.297
11/21/2019 09:21:53.297 **Calling Checklist1003**
11/21/2019 09:21:53.345 ----------------------------------------------------------------
11/21/2019 09:21:53.345 Message type: Code: 118310 dec, 1ce26 hex
11/21/2019 09:21:53.345 Fault type: Undefined Severity: Undefined
11/21/2019 09:21:53.345 **Description**: Hired From Date is missing for secondary employment for
11/21/2019 09:21:53.345 applicant .
11/21/2019 09:21:53.345
11/21/2019 09:21:53.358 -----------------------------------------

index=du sourcetype="ab:xyz-log"
| rex field=_raw mode=sed "s/([\n\r\s]+)\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2}.\d{3}/\1/g"
| rex field=_raw max_match=0 "Calling Checklist1003[^-]+[^\n]+\n[^\n]+(?<checklist>[^-]+)"
| rex field=checklist "Description: (?<Description>[^\e]+)"
| rex field=_raw "INST_INFO:\s\d+\|(?<lenderInstName>.*)\|"
| rex field=_raw "lenderCaseNo\s\[(?<lenderCaseNumber>\d+)\]"
| eval BTime = strptime(Begin_time, "%H:%M:%S.%3N")
| eval CTime = strptime(Completion_time, "%H:%M:%S.%3N")
| eval ResTime=CTime-BTime
|table Description lenderInstName lenderCaseNumber Begin_time Completion_time

Related

Splunk query to create a table view?

This event is printed every time. UserPin AreaCode AreaNum Sector Short Sem are unique for each userid and come only inside the User Login successfully message with timestamp
"message":" *** User Login successfully credentials userid 2NANO-323254-7654-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB"
The two events below are only printed when certain conditions are met. I am very new to Splunk; how can we write a Splunk query that takes out the userid with UserPin AreaCode AreaNum Sector Short Sem which has the events printed below, and only then creates a table with the userid? If the two messages below are not printed with the userid from the above message, then we should not consider the userid.
"message": "User Failed to login userid - 2NANO-323254-7654-4"
"message": "User is from stackoverflow group, on XZ ABCE for userid - 2NAN0-323254-7654-4"
This is the table structure where I want to fill in values:
UserId | UserPin | AreaCode | AreaNum | Sector | Short_Sem
I am very new to Splunk; can someone guide me on how to start building this and where to look? Any hint or demo will work. Thank you.
Example
"message":" *** User Login successfully credentials userid 2NANO-323254-7654-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB"
"message": "User Failed to login userid - 2NANO-323254-7654-4"
"message": "User is from stackoverflow group, on XZ ABCE for userid - 2NAN0-323254-7654-4"
"message":" *** User Login successfully credentials userid 2ABDO-54312-7654-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB"
"message":" *** User Login successfully credentials userid 2COMA-765234-8653-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB"
So we consider only the first one, because that userid has two more events with the same userid, and all the associated events have timestamps.
UserId | UserPin| AreaCode | AreaNum | Sector | Short_Sem
2NANO-323254-7654-4 | 287654 | 98765 | 98765 | 87612345 | ZEB
This question is an expansion of your question at how to write splunk query to create a table view so the answer is an expansion of that answer.
First, use rex to extract the desired fields. Then the stats command will group the results by userid. Finally, use the table command to display the fields.
| makeresults
| eval data="\"message\":\" *** User Login successfully credentials userid 2NANO-323254-7654-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB\"
\"message\": \"User Failed to login userid - 2NANO-323254-7654-4\"
\"message\": \"User is from stackoverflow group, on XZ ABCE for userid - 2NAN0-323254-7654-4\"
\"message\":\" *** User Login successfully credentials userid 2ABDO-54312-7654-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB\"
\"message\":\" *** User Login successfully credentials userid 2COMA-765234-8653-4 UserPin - 287654 AreaCode - 98765 AreaNum - 98765 Sector - 87612345 Short Sem - ZEB\""
| eval data=split(data,"
")
| mvexpand data
| eval _raw=data
```Everything above is for demo purposes only```
```Extract fields```
| rex "message\":\s*\"\s*(?:\*+\s)?(?<msg>.*?)(?:userid|,)"
| rex "userid\s(?:-\s)?(?<userid>\S+)"
| rex "UserPin - (?<UserPin>\S+) AreaCode - (?<AreaCode>\S+) AreaNum - (?<AreaNum>\S+) Sector - (?<Sector>\S+) Short Sem - (?<Short_Sem>\S+)"
```Clean up the fields```
| eval userid=trim(userid,"\""), Short_Sem=trim(Short_Sem, "\"")
```Group results```
| stats values(*) as * by userid
```Filter events```
| search (msg="*User Failed to login*") OR (msg="*User is from stackoverflow group*")
| rename userid as UserId
| table UserId UserPin AreaCode AreaNum Sector Short_Sem

Why do I see ttyUSB2 on nmcli, not see wwan0?

I want to use NetworkManager to control wwan0. But I only see ttyUSB2 in NetworkManager device list.
I use "cat" command to make ttyUSB2 & ttyUSB3 in use, but it doesn't work.
The below is modemmanager info
root#imx6qsabresd:~# mmcli -m 0
/org/freedesktop/ModemManager1/Modem/0 (device id '74d82342f71de5945dddcc381409e231f5ed5df1')
-------------------------
Hardware | manufacturer: 'SIMCOM INCORPORATED'
| model: 'SIMCOM_SIM7600JC-H'
| revision: 'LE11B01SIM7600JC-H'
| supported: 'gsm-umts, lte'
| current: 'gsm-umts, lte'
| equipment id: '861478030131862'
-------------------------
System | device: '/sys/devices/soc0/soc/2100000.aips-bus/2184200.usb/ci_hdrc.1/usb1/1-1/1-1.1'
| drivers: 'option1, simcom_wwan'
| plugin: 'SimTech'
| primary port: 'ttyUSB2'
| ports: 'ttyUSB0 (qcdm), ttyUSB2 (at), ttyUSB3 (at), wwan0 (net)'
-------------------------
Numbers | own : 'unknown'
-------------------------
Status | lock: 'none'
| unlock retries: 'unknown'
| state: 'registered'
| power state: 'on'
| access tech: 'unknown'
| signal quality: '80' (recent)
-------------------------
Modes | supported: 'allowed: 2g; preferred: none
| allowed: 3g; preferred: none
| allowed: 2g, 3g; preferred: none
| allowed: 2g, 3g; preferred: 2g
| allowed: 2g, 3g; preferred: 3g
| allowed: 2g, 3g, 4g; preferred: none'
| current: 'allowed: any; preferred: none'
-------------------------
Bands | supported: 'unknown'
| current: 'unknown'
-------------------------
IP | supported: 'ipv4, ipv6, ipv4v6'
-------------------------
3GPP | imei: '861478030131862'
| enabled locks: 'none'
| operator id: '46692'
| operator name: 'Chunghwa Telecom'
| subscription: 'unknown'
| registration: 'home'
-------------------------
SIM | path: '/org/freedesktop/ModemManager1/SIM/0'
-------------------------
Bearers | paths: 'none'
Does anyone know how to make wwan0 appear in NetworkManager device list?
You see ttyUSB2 in NetworkManager because that is the "primary port" reported by ModemManager in the modem details.
In this specific case, ModemManager doesn't know how to use the WWAN port of the device (exposed by the non-standard simcom_wwan kernel driver), and therefore it will fall back to using PPP over a TTY port.
If you want to use the WWAN port with NM/MM you must not install the simcom_wwan kernel driver, and instead, you should just use the standard qmi_wwan kernel driver. Once you do that, you'll get a cdc-wdm port (that speaks QMI) and an associated WWAN port (in raw-ip mode), and those are nicely used by ModemManager/NetworkManager.
If you ask me, there should be no reason to use the simcom_wwan kernel driver by normal users. If your qmi_wwan driver doesn't expose the QMI ports of the modem, you may just need a newer kernel.

Fabric orderer TLS: failed to find any PEM data in certificate input

Hello, I'm setting up a Kafka-based, TLS-enabled 1.2 Fabric ordering service. I get the following error on startup:
orderer.test.com | 2018-07-31 07:59:40.819 UTC [orderer/consensus/kafka] newBrokerConfig -> CRIT 034 Unable to decode public/private key pair: tls: failed to find any PEM data in certificate input
orderer.test.com | panic: Unable to decode public/private key pair:tls: failed to find any PEM data in certificate input
orderer.test.com |
orderer.test.com | goroutine 1 [running]:
orderer.test.com | github.com/hyperledger/fabric/vendor/github.com/op/go-logging.(*Logger).Panic(0xc420176de0, 0xc4205e64a0, 0x2, 0x2)
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/github.com/op/go-logging/logger.go:188 +0xbd
orderer.test.com | github.com/hyperledger/fabric/orderer/consensus/kafka.newBrokerConfig(0x1, 0xc4200340dd, 0x8, 0xc42003407e, 0x9, 0xc4205ae7b0, 0x1, 0x1, 0x0, 0x0, ...)
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/consensus/kafka/config.go:40 +0x287
orderer.test.com | github.com/hyperledger/fabric/orderer/consensus/kafka.New(0x12a05f200, 0x8bb2c97000, 0x45d964b800, 0x274a48a78000, 0x2540be400, 0x2540be400, 0x2540be400, 0x3, 0xee6b280, 0x3, ...)
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/consensus/kafka/consenter.go:22 +0xb3
orderer.test.com | github.com/hyperledger/fabric/orderer/common/server.initializeMultichannelRegistrar(0xc4200dc280, 0xe07660, 0x14a0c78, 0xc4201700a0, 0x1, 0x1, 0xc4204f3ed0)
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:258 +0x164
orderer.test.com | github.com/hyperledger/fabric/orderer/common/server.Start(0xd6a0d7, 0x5, 0xc4200dc280)
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:101 +0x1d3
orderer.test.com | github.com/hyperledger/fabric/orderer/common/server.Main()
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:80 +0x204
orderer.test.com | main.main()
orderer.test.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/main.go:15 +0x20
orderer.test.com exited with code 2
The exact same problem was previously reported here:
https://lists.hyperledger.org/g/fabric/message/2803
Unfortunately the referenced links that might lead to a solution are no longer working. Can anyone point me in the right direction?
Cryptomaterial and configuration listed below.
Environment variables:
ORDERER_HOST=orderer.test.com
ORDERER_GENERAL_LOGLEVEL=debug
ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
ORDERER_GENERAL_GENESISMETHOD=file
ORDERER_GENERAL_GENESISFILE=/etc/genesis.block
ORDERER_GENERAL_LOCALMSPID=testMSP
ORDERER_GENERAL_LOCALMSPDIR=/etc/MSP
ORDERER_GENERAL_TLS_ENABLED=true
ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/tlsMSP/keystore/key.pem
ORDERER_GENERAL_TLS_CERTIFICATE=/etc/tlsMSP/signcerts/cert.pem
ORDERER_GENERAL_TLS_ROOTCAS=[/etc/MSP/tlscacerts/tlsca.pem]
ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=false
CORE_LOGGING_GRPC=DEBUG
GRPC_VERBOSITY=debug
GRPC_TRACE=al
ORDERER_KAFKA_SERVER=kafka0.test.com
ORDERER_KAFKA_VERBOSE=true
ORDERER_KAFKA_TLS_ENABLED=true
ORDERER_KAFKA_TLS_PRIVATEKEY=/key.key
ORDERER_KAFKA_TLS_CERTIFICATE=/cert.crt
ORDERER_KAFKA_TLS_ROOTCAS=[/tlsca.pem]
This problem occurs because you are populating the environment variables with the file path rather than the file content (i.e. PEM data). It is unfortunate that the orderer configuration is inconsistent when it expects content and when it expects a path.
As documented in the sample configuration of orderer.yaml, you can append _FILE to the environment variables for Kafka TLS and use a file path rather than the PEM content, as follows:
ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/key.key
ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/cert.crt
ORDERER_KAFKA_TLS_ROOTCAS_FILE=[/tlsca.pem]
This should solve your problem and allow the orderer to find the appropriate PEM data.

How to divide a string with regexp_extract per blank space (SQL- Athena)

I'm currently working on splitting a message from our webserver log into rows,
for example:
My message (datatype string) looks like this:
at=info method=GET path="/v1/..." host=web.com request_id=a3d71fa9-9501-4bfe-8462-54301a976d74 fwd="xxx.xx" dyno=web.1 connect=1ms service=167ms status=200 bytes=1114
and I want to cut these into rows:
path | service | connect | method | status | fwd | dyno |
------ | ------- | -------- | ------ | ------ | ------- | ------ |
/v1/...| 167 | 1 | GET | 200 | xxx.xxx | web.1 |
I played around with the regexp_extract function (for the first time) on Amazon Athena in Standard SQL and already got a few rows out of the string, but I'm struggling with a few rows.
When I try to, for example, cut the dyno out of the string, I'm getting more info than I needed:
REGEXP_EXTRACT (message,'dyno=[^,]+[a-z]')AS dyno
-> dyno=web.2 connect=0ms service=192ms status=200 bytes
I want to have dyno=web.1 as a result and then extract again.
It would be nice if I could cut the string from the start ("dyno=") till the blank space before "connect=", but I couldn't find the right option in the sites I read.
How do I write the options to get the right piece of the string?
Piggybacking on Sebastian's comment, I agree that \S+ should be the solution to go forward with. So the query would look like this:
select REGEXP_EXTRACT (message,'dyno=(\S+)',1) AS dyno
from (
select
'at=info method=GET path="/v1/..." host=web.com request_id=a3d71fa9-9501-4bfe-8462-54301a976d74 fwd="xxx.xx" dyno=web.1 connect=1ms service=167ms status=200 bytes=1114' message
)
If you don't have spaces within your values (as in key-values pairs), then there is an easy solution.
select msg['at'] as "at"
,msg['method'] as "method"
,msg['path'] as "path"
,msg['host'] as "host"
,msg['request_id'] as "request_id"
,msg['fwd'] as "fwd"
,msg['dyno'] as "dyno"
,msg['connect'] as "connect"
,msg['service'] as "service"
,msg['status'] as "status"
,msg['bytes'] as "bytes"
from (select split_to_map (message,' ','=') as msg
from mytable
)
;
at | method | path | host | request_id | fwd | dyno | connect | service | status | bytes
------+--------+-----------+---------+--------------------------------------+----------+-------+---------+---------+--------+-------
info | GET | "/v1/..." | web.com | a3d71fa9-9501-4bfe-8462-54301a976d74 | "xxx.xx" | web.1 | 1ms | 167ms | 200 | 1114

Oracle, Mysql, how to get average

How to get Average fuel consumption only using MySQL or Oracle:
SELECT te.fuelName,
zkd.fuelCapacity,
zkd.odometer
FROM ZakupKartyDrogowej zkd
JOIN TypElementu te
ON te.typElementu_Id = zkd.typElementu_Id
AND te.idFirmy = zkd.idFirmy
AND te.typElementu_Id IN (3,4,5)
WHERE zkd.idFirmy = 1054
AND zkd.kartaDrogowa_Id = 42
AND zkd.data BETWEEN to_date('2015-09-01','YYYY-MM-DD')
AND to_date('2015-09-30','YYYY-MM-DD');
Result of this query is:
fuelName | fuelCapacity | odometer | tanking
-------------------------------------------------
'ON' | 534 | 1284172 | 2015-09-29
'ON' | 571 | 1276284 | 2015-09-02
'ON' | 470 | 1277715 | 2015-09-07
'ON' | 580.01 | 1279700 | 2015-09-11
'ON' | 490 | 1281103 | 2015-09-17
'ON' | 520 | 1282690 | 2015-09-23
We can do it later in Java or PHP, but we want to get the result right away from the query. How should we modify the above query to do that?
fuelCapacity is the number of liters of fuel that has been poured into the car tank at the gas station.
For one total average, what you need is the sum of the refills divided by the difference between the odometer readings at the start and the end, i.e. fuel used / distance travelled.
I don't have your table structure at hand, but this alteration to the select statement should do the trick:
select cast(sum(zkd.fuelCapacity) as float) / (max(zkd.odometer) - min(zkd.odometer)) as consumption ...
The cast(field AS float) does what the name implies, and typecasts the field as float, so the result will also be a float. (I do suspect that your fuelCapacity field is a float because there is one float value in your example, but this will make sure.)