Is there a function that randomly shuffles results?


Similar to sort, except I'm looking for a function to randomly shuffle the results. This achieves the same result as the Linux shuf command.

Like this:

 ... | eval _random=random()
 | sort 0 _random

Or this:

 ... | eval _random=md5(_raw)
 | sort 0 _random


Looks like the "0" argument to sort ensures all results are returned, even if the number is greater than 10,000:

Is my interpretation correct?

Yes, this is very important; never run sort without a number.

how about something like this?

| eval randomValue=random()
| sort randomValue
| table _time _raw randomValue
