Splunk Search

## How to calculate the factorial of a number in a Splunk search?

Path Finder

Hi,

I want to calculate factorial of a number in `eval` for calculating Poisson value.
Please let me know if it is possible.

Thanks,

Tags (2)
1 Solution
SplunkTrust

You could try an approximation by using the natural logarithm (see formula in picture below).
That should work fine when n is not too big, if n is big enough you might have approximation errors. Using the Stirling's approximation is more accurate in this case but it won't be easy to implement with the Splunk built-in commands.

See an example below for the natural logarithm approximation when n=5:

``````| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| eval n_factorial = round(exp(sum_ln_ki))
| stats first(n_factorial) as n_factorial by n
``````

Alternative that performs the exponential calculations at the end and might improve performance. Give it a go too:

``````| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| stats count by n, sum_ln_ki
| eval n_factorial = round(exp(sum_ln_ki))
| fields - count, sum_ln_ki
``````

SplunkTrust

You could try the App for R. It doesn't seem to be on Splunkbase any more, but it's apparently available from a link the_wolverine supplies in this answer for what happened to the R project. To help prevent double-hopping, here's the link they supplied: https://github.com/rfsp/r

SplunkTrust

You could try an approximation by using the natural logarithm (see formula in picture below).
That should work fine when n is not too big, if n is big enough you might have approximation errors. Using the Stirling's approximation is more accurate in this case but it won't be easy to implement with the Splunk built-in commands.

See an example below for the natural logarithm approximation when n=5:

``````| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| eval n_factorial = round(exp(sum_ln_ki))
| stats first(n_factorial) as n_factorial by n
``````

Alternative that performs the exponential calculations at the end and might improve performance. Give it a go too:

``````| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| stats count by n, sum_ln_ki
| eval n_factorial = round(exp(sum_ln_ki))
| fields - count, sum_ln_ki
``````

SplunkTrust

Here's Stirling's Approximation in SPL: `| eval n! = sqrt(2*pi()*n)*pow(n/exp(1), n)`

Tags (1)
SplunkTrust

By the way, if you find a different answer that works for you please post it here so that others can benefit from it.

Path Finder

Hey thanks ! and sorry for late reply. Yes it did work for me. Also custom command option seems to be good

Contributor

The splunk eval functions dont offer factorial computator.

You could create a custom command & offload the factorial generation logic to the python code.

http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...

Splunk Employee

You can use a lookup table. Precompute as many factorials as you think you may need (probably not many, considering how quickly they grow) and then look them up as you need.

Get Updates on the Splunk Community!

#### The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

#### Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

#### Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...