Solved: Test search with stats function "|inputlookup app_...

athlonshi · ‎08-20-2021

New to Splunk and experimenting a couple of functionalities, especially data aggregation

With the experimental file app_usage.csv, I was trying to see the percentile of Webmail using

|inputlookup app_usage.csv | stats perc(Webmail, 10.0)

but it returns error

Percentile must be a floating point number that is >= 0 and < 100.

Not sure what to do, tried to cast Webmail to float also failed

|inputlookup app_usage.csv | eval Webmail=cast(Webmail, 'float')

with error

Error in 'eval' command: The 'cast' function is unsupported or undefined.

cast should be in the eval command, right? Based on the documentation.

ITWhisperer · ‎08-20-2021

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

View solution in original post

ITWhisperer · ‎08-20-2021

I am not sure what the data that you are using is or what you are trying to get out of it but try

|inputlookup app_usage.csv | stats perc10(Webmail)

athlonshi · ‎08-20-2021

Just using the sample data to MLT and experimenting with it. Interesting that Splunk doc has perc as a stats function but it did not work. Yes, your way works. Thanks!

Test search with stats function "|inputlookup app_usage.csv | stats perc(Webmail, 10.0)"

using DSP

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Test search with stats function "|inputlookup app_usage.csv | stats perc(Webmail, 10.0)"

using DSP

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!