Synopsis

Calculates the percentile of the values in a specified column of the search query results.

Syntax

^{percentile [percentage_value]}

Required Arguments

^{percentage_value}

Syntax: <character string>

Description: The value of a percentage

Optional Arguments

None

Description

A percentile is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall.

The percentile remove the highest values when using order by VAL asc, and the lowest values when using order by VAL desc

Note: percentile removes values from one side of the list of values only, therefore if needed, you may run list and percentile twice - once with order by asc, and then with order by desc.

Example 1:

* in log.system audit | list process time (ms) | order by process time (ms) asc | percentile 95

From the events in system audit log, returns the percentile 95% of the events by column process time, by remove the 5% highest values

Example 2:

From the events in access log, returns the percentile 50% of the events by column timetoprcessRequest, by remove the 50% lowest values. Then groups by the URL and timetoprcessRequest and sorts by timetoprcessRequest descending.

Example 3:

timetoprcessRequest != null in log.access | list timetoprcessRequest | order by timetoprcessRequest | percentile 99 | avg timetoprcessRequest as Average, min timetoprcessRequest as Minimum, max timetoprcessRequest as Maximum

From the events in access log, returns the percentile 99% of the events by column timetoprcessRequest. Then calculates average, minimum and maximum timetoprcessRequest.

Example 4:

From the events in access log, returns the percentile 99% of the events by column timetoprcessRequest. Then calculates average, minimum and maximum timetoprcessRequest in time buckets of 1 hour.

XPLG

percentile

Analytics

Synopsis

Syntax

Required Arguments

Optional Arguments

Description

Related content