Synopsis
Calculates the percentile of the values in a specified column of the search query results.
Syntax
percentile [percentage_value]
Required Arguments
percentage_value
Syntax: <character string>
Description: The value of a percentage
Optional Arguments
None
Description
A percentile is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall
Examples
Example 1:
* in log.system audit | list process time | order by process time (ms) desc | percentile 95
From the events in system audit log, returns the percentile 95% of the events observed by column process time (ms).
Example 2:
timetoprcessRequest != null in log.access | list timetoprcessRequest | order by timetoprcessRequest order by timetoprcessRequest | percentile 95 percentile 50 | count | group by URL, timetoprcessRequest | order by timetoprcessRequest desc
From the events in access log, returns the percentile 95% 50% of the events observed by column timetoprcessRequest. Then groups by the URL and timetoprcessRequest and sorts by timetoprcessRequest descending.
Example 3:
timetoprcessRequest != null in log.access | list timetoprcessRequest | order by timetoprcessRequest | percentile 99 | avg timetoprcessRequest as Average, min timetoprcessRequest as Minimum, max timetoprcessRequest as Maximum
From the events in access log, returns the percentile 99% of the events by column timetoprcessRequest. Then calculates average, minimum and maximum timetoprcessRequest.
Example 4:
timetoprcessRequest != null in log.access | list timetoprcessRequest | order by timetoprcessRequest | percentile 99 | avg timetoprcessRequest as Average, min timetoprcessRequest as Minimum, max timetoprcessRequest as Maximum | interva 1 hour
From the events in access log, returns the percentile 99% of the events by column timetoprcessRequest. Then calculates average, minimum and maximum timetoprcessRequest in time buckets of 1 hour.