Archive

Is there a function that randomly shuffles results?

Explorer

Similar to sort, except I'm looking for a function to randomly shuffle the results. This achieves the same result as the Linux shuf command.

Tags (1)
0 Karma

Esteemed Legend

Like this:

 ... | eval _random=random()
 | sort 0 _random

Or this:

 ... | eval _random=md5(_raw)
 | sort 0 _random

Explorer

Looks like the "0" argument to sort ensures all results are returned, even if the number is greater than 10,000:
https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Sort

Is my interpretation correct?

0 Karma

Esteemed Legend

Yes, this is very important; never run sort without a number.

0 Karma

Path Finder

Hi,

how about something like this?

index=yourIndex
| eval randomValue=random()
| sort randomValue
| table _time _raw randomValue
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!