Can anyone please help in finding percent_rank of ...

sahil237888 · ‎12-18-2019

Can anyone please help what could be the equivalent to SQL's "percent_Rank" command in splunk

select host, count(*) "pings",
TRUNC(PERCENT_RANK(200) WITHIN GROUP (ORDER BY proc_time) * 100, 2) || '%' "PingTime (% < 50 mSec)" from servers GROUP BY host ORDER BY 2 DESC

to4kawa · ‎12-18-2019

your search
| top limit=200 proc_time by host
| eval "PingTime (% < 50 mSec)"=round(percent,2)."%"

It is like this.

woodcock · ‎12-18-2019

You should just be able to pipe your data to top and get what you need:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top
Or, if you mean percentiles, then you can use stats percX(Y) function for that:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Aggregatefunctions#perc.26lt.3BX...

oscar84x · ‎12-18-2019

I am not familiar with that command but perhaps some of the functions in the link below could help?

https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Aggregatefunctions

Can anyone please help in finding percent_rank of a field

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability