Synopsis
Calculates the percentile of the values in a specified column of the search query results.
Syntax
percentile [percentage_value]
Required Arguments
percentage_value
Syntax: <character string>
Description: The percentage value, for example 95.
Optional Arguments
None
Description
A percentile is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall.
The percentile command removes the highest values when the results are sorted with order by VAL asc, and the lowest values when they are sorted with order by VAL desc (it removes values from one side of the value list only).
Examples
Example 1:
* in log.system audit | list process time | order by process time asc | percentile 95
From the events in the system audit log, returns the 95% percentile of the events by the process time column, removing the 5% highest values.
Example 2:
timetoprcessRequest != null in log.access | list timetoprcessRequest | order by timetoprcessRequest desc | percentile 50 | count | group by URL, timetoprcessRequest | order by timetoprcessRequest desc
From the events in the access log, returns the 50% percentile of the events by the timetoprcessRequest column, removing the 50% lowest values. It then groups by URL and timetoprcessRequest and sorts by timetoprcessRequest in descending order.
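A model of the one-sided trimming described in the Description and used in both examples, as an added Python example (not the product's own code). It assumes the command keeps the first N% of rows in their current order and rounds the row count down, a rounding rule the page does not state; the helper names and sample rows are constructed for illustration.

```python
from collections import Counter

# Constructed sample data standing in for access-log events (not real logs).
URLS = ["/login", "/search", "/report"]
VALUES = [12, 15, 18, 20, 22, 25, 27, 30, 33, 35,
          38, 40, 45, 50, 60, 75, 90, 120, 400, 9000]
EVENTS = [{"URL": URLS[i % 3], "timetoprcessRequest": v}
          for i, v in enumerate(VALUES)]


def order_by(rows, column, direction="asc"):
    """Model of 'order by <column> asc|desc'."""
    return sorted(rows, key=lambda r: r[column], reverse=(direction == "desc"))


def percentile(ordered_rows, pct):
    """Keep the first pct% of rows in their current order (assumed semantics).

    Assumption: the number of rows kept is rounded down.
    """
    if not 0 <= pct <= 100:
        raise ValueError("percentage must be between 0 and 100")
    keep = int((len(ordered_rows) * pct) // 100)
    return ordered_rows[:keep]


def count_by(rows, column):
    """Model of 'count | group by <column>' (simplified to one column)."""
    return Counter(r[column] for r in rows)


def kept_values(direction, pct, column="timetoprcessRequest"):
    """Values that survive 'order by <column> <direction> | percentile <pct>'."""
    return [r[column] for r in percentile(order_by(EVENTS, column, direction), pct)]


if __name__ == "__main__":
    asc95 = kept_values("asc", 95)
    desc95 = kept_values("desc", 95)
    print("asc  95 -> dropped", sorted(set(VALUES) - set(asc95)))
    print("desc 95 -> dropped", sorted(set(VALUES) - set(desc95)))
    top_half = percentile(order_by(EVENTS, "timetoprcessRequest", "desc"), 50)
    print("desc 50 per URL ->", dict(count_by(top_half, "URL")))
```

Under this model, ascending order discards the 9000 outlier, so a query meant to surface unusually slow requests has to sort descending before applying the command.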
...