Dashboards & Visualizations

How to dynamically split a list into equal parts?

HeinzWaescher
Motivator

Hi,

I have a list of customers (ColA) and depending on the total amount of customers I want to "split" the list into equal groups (let's say steps of 10%) and flag these groups.
So having 20 customers and using steps of 10%, the first 2 customers are grouped together and flagged in ColB as 10%. Customers 3-4 are grouped (20%), 5-6 (30%) are grouped etc.

alt text

When this list increases to 100 customers it should group the first 20 customers (10%), 21-40 (20%) and so on.

I'm expecting some form of the streamstats command here, but can't find the solution.

Thanks in advance
Heinz

Tags (1)
0 Karma
1 Solution

sundareshr
Legend

Try this runanywhere sample

| gentimes start=-200 | streamstats count | eval x="col_".count | table x | eventstats count as tot_evt | eval grp_cnt=.1 | eval grp=tot_evt*grp_cnt | streamstats count | eval grp=ceiling(count/grp)

View solution in original post

sundareshr
Legend

Try this runanywhere sample

| gentimes start=-200 | streamstats count | eval x="col_".count | table x | eventstats count as tot_evt | eval grp_cnt=.1 | eval grp=tot_evt*grp_cnt | streamstats count | eval grp=ceiling(count/grp)

HeinzWaescher
Motivator

Combining streamstats & eventstats was the right way to go, thanks!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...