Synopsis

Calculates the percentile of the values in a specified column of the search query results.

Syntax

percentile [percentage_value]

Required Arguments

percentage_value

Syntax: <character string>

Description: The value of a percentage

Optional Arguments

None

Description

A percentile is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall.

The percentile command removes the highest values when the results are ordered with order by VAL asc, and the lowest values when they are ordered with order by VAL desc. Values are removed from one side of the value list only.

Examples

Example 1:  

* in log.system audit | list process time | order by process time asc | percentile 95

From the events in the system audit log, returns the 95% percentile of the events by the column process time, by removing the 5% highest values.

Example 2:  

timetoprcessRequest != null  in log.access | list timetoprcessRequest  | order by timetoprcessRequest  desc | percentile 50 | count | group by URL, timetoprcessRequest | order by timetoprcessRequest desc

From the events in the access log, returns the 50% percentile of the events by the column timetoprcessRequest, by removing the 50% lowest values. It then groups the results by URL and timetoprcessRequest and sorts them by timetoprcessRequest in descending order.

Example 3:  

timetoprcessRequest != null  in log.access | list timetoprcessRequest  | order by timetoprcessRequest  | percentile 99 | avg timetoprcessRequest as Average, min timetoprcessRequest as Minimum, max timetoprcessRequest as Maximum

From the events in the access log, returns the 99% percentile of the events by the column timetoprcessRequest. It then calculates the average, minimum and maximum of timetoprcessRequest.

Example 4:  

timetoprcessRequest != null  in log.access | list timetoprcessRequest  | order by timetoprcessRequest  | percentile 99 | avg timetoprcessRequest as Average, min timetoprcessRequest as Minimum, max timetoprcessRequest as Maximum | interval 1 hour

From the events in the access log, returns the 99% percentile of the events by the column timetoprcessRequest. It then calculates the average, minimum and maximum of timetoprcessRequest in time buckets of 1 hour.
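
The one-sided trimming described above, emulated in Python on constructed request times to show how the sort direction decides which rows survive. This is an added example, not part of the product documentation: the function names are hypothetical and rounding the kept row count up is an assumption.

```python
import math
from statistics import mean

# Constructed sample: 20 request times in ms, one extreme outlier.
TIMES_MS = [12, 15, 18, 20, 22, 25, 27, 30, 31, 33,
            35, 38, 40, 42, 45, 48, 50, 55, 60, 9000]


def percentile_trim(ordered, percentage):
    """Keep the leading `percentage` percent of an already ordered list.

    Rows are dropped from the tail only, so the sort direction decides
    which side is removed. Rounding up the kept count is an assumption.
    """
    if not 0 <= percentage <= 100:
        raise ValueError("percentage must be between 0 and 100")
    keep = math.ceil(len(ordered) * percentage / 100)
    return ordered[:keep]


def summarize(values):
    """Equivalent of `avg X as Average, min X as Minimum, max X as Maximum`."""
    if not values:
        return {"Average": None, "Minimum": None, "Maximum": None}
    return {"Average": mean(values), "Minimum": min(values), "Maximum": max(values)}


def run_asc(values, percentage):
    """order by VAL asc | percentile N: the highest values are removed."""
    return percentile_trim(sorted(values), percentage)


def run_desc(values, percentage):
    """order by VAL desc | percentile N: the lowest values are removed."""
    return percentile_trim(sorted(values, reverse=True), percentage)


if __name__ == "__main__":
    print("all rows      ", summarize(TIMES_MS))
    print("asc  | pct 95 ", summarize(run_asc(TIMES_MS, 95)))
    print("desc | pct 50 ", summarize(run_desc(TIMES_MS, 50)))
```

With ascending order the single 9000 ms outlier is dropped and the average falls from 482.3 to 34; with descending order the same outlier is kept, so the direction of the preceding order by must match the side you intend to discard.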
