Splunk Data Stream Processor

Test search with stats function "|inputlookup app_usage.csv | stats perc(Webmail, 10.0)"

athlonshi
Engager

New to Splunk and experimenting a couple of functionalities, especially data aggregation

With the experimental file app_usage.csv, I was trying to see the percentile of Webmail using 

|inputlookup app_usage.csv | stats perc(Webmail, 10.0)

but it returns error 

Percentile must be a floating point number that is >= 0 and < 100.

Not sure what to do, tried to cast Webmail to float also failed

|inputlookup app_usage.csv | eval Webmail=cast(Webmail, 'float')

with error

Error in 'eval' command: The 'cast' function is unsupported or undefined.

cast should be in the eval command, right? Based on the documentation. 

 

 

 

 

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

athlonshi
Engager

Just using the sample data to MLT and experimenting with it. Interesting that Splunk doc has perc as a stats function but it did not work. Yes, your way works. Thanks!

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...