Solved: Test search with stats function "|inputlookup app_...

athlonshi · ‎08-20-2021

New to Splunk and experimenting a couple of functionalities, especially data aggregation

With the experimental file app_usage.csv, I was trying to see the percentile of Webmail using

|inputlookup app_usage.csv | stats perc(Webmail, 10.0)

but it returns error

Percentile must be a floating point number that is >= 0 and < 100.

Not sure what to do, tried to cast Webmail to float also failed

|inputlookup app_usage.csv | eval Webmail=cast(Webmail, 'float')

with error

Error in 'eval' command: The 'cast' function is unsupported or undefined.

cast should be in the eval command, right? Based on the documentation.

ITWhisperer · ‎08-20-2021

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

View solution in original post

ITWhisperer · ‎08-20-2021

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

athlonshi · ‎08-20-2021

Just using the sample data to MLT and experimenting with it. Interesting that Splunk doc has perc as a stats function but it did not work. Yes, your way works. Thanks!

Test search with stats function "|inputlookup app_usage.csv | stats perc(Webmail, 10.0)"

using DSP

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation