Is there a function that randomly shuffles results?


Similar to sort, except I'm looking for a function to randomly shuffle the results. This achieves the same result as the Linux shuf command.

0 Karma

Esteemed Legend

Like this:

 ... | eval _random=random()
 | sort 0 _random

Or this:

 ... | eval _random=md5(_raw)
 | sort 0 _random


Looks like the "0" argument to sort ensures all results are returned, even if the number is greater than 10,000:

Is my interpretation correct?

0 Karma

Esteemed Legend

Yes, this is very important; never run sort without a number.

0 Karma
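
An added example (not part of the original thread, and a Python model rather than Splunk code) of the two sort keys from the answer above and of the sort count discussed in the follow-up. The function names and the 12,000 synthetic events are assumptions made for the illustration; the 10,000-row default is the limit mentioned in the thread.

```python
import hashlib
import random

DEFAULT_SORT_LIMIT = 10000  # limit applied by sort when no count is given


def spl_sort(rows, key_field, limit=DEFAULT_SORT_LIMIT):
    """Model of `sort <limit> <key_field>`: order ascending, then keep the
    first `limit` rows; a limit of 0 keeps every row."""
    ordered = sorted(rows, key=lambda r: r[key_field])
    return ordered if limit == 0 else ordered[:limit]


def shuffle_random(raw_events, limit=DEFAULT_SORT_LIMIT, rng=None):
    """Model of `eval _random=random() | sort <limit> _random`."""
    rng = rng or random.Random()
    rows = [{"_raw": e, "_random": rng.randrange(2**31)} for e in raw_events]
    return [r["_raw"] for r in spl_sort(rows, "_random", limit)]


def shuffle_md5(raw_events, limit=DEFAULT_SORT_LIMIT):
    """Model of `eval _random=md5(_raw) | sort <limit> _random`."""
    rows = [{"_raw": e, "_random": hashlib.md5(e.encode()).hexdigest()}
            for e in raw_events]
    return [r["_raw"] for r in spl_sort(rows, "_random", limit)]


if __name__ == "__main__":
    # Constructed sample: 12,000 synthetic events, one of them duplicated.
    events = [f"constructed event {i}" for i in range(12000)]
    events.append("constructed event 7")
    print(len(shuffle_random(events)))     # cut off at the default limit
    print(len(shuffle_random(events, 0)))  # full result set
    a, b = shuffle_md5(events, 0), shuffle_md5(events, 0)
    print(a == b)                          # md5 key: same order on every run
    i = a.index("constructed event 7")
    print(a[i + 1] == "constructed event 7")  # identical _raw values sit together
```

The md5 key gives a repeatable order in which duplicate events sit next to each other, while the random() key gives a different order on each run.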

Path Finder


How about something like this?

| eval randomValue=random()
| sort randomValue
| table _time _raw randomValue