Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calculate the factorial of a number in a Splunk search?

shrirangphadke
Path Finder
‎02-11-2016 01:18 AM

Hi,

I want to calculate factorial of a number in eval for calculating Poisson value.
Please let me know if it is possible.

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

javiergn
Super Champion
‎02-12-2016 05:23 AM

You could try an approximation by using the natural logarithm (see formula in picture below).
That should work fine when n is not too big, if n is big enough you might have approximation errors. Using the Stirling's approximation is more accurate in this case but it won't be easy to implement with the Splunk built-in commands.

See an example below for the natural logarithm approximation when n=5:

| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| eval n_factorial = round(exp(sum_ln_ki))
| stats first(n_factorial) as n_factorial by n

Alternative that performs the exponential calculations at the end and might improve performance. Give it a go too:

| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| stats count by n, sum_ln_ki
| eval n_factorial = round(exp(sum_ln_ki))
| fields - count, sum_ln_ki

alt text

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎02-12-2016 05:43 AM

You could try the App for R. It doesn't seem to be on Splunkbase any more, but it's apparently available from a link the_wolverine supplies in this answer for what happened to the R project. To help prevent double-hopping, here's the link they supplied: https://github.com/rfsp/r

0 Karma
Reply
Solved! Jump to solution
Solution

javiergn
Super Champion
‎02-12-2016 05:23 AM

You could try an approximation by using the natural logarithm (see formula in picture below).
That should work fine when n is not too big, if n is big enough you might have approximation errors. Using the Stirling's approximation is more accurate in this case but it won't be easy to implement with the Splunk built-in commands.

See an example below for the natural logarithm approximation when n=5:

| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| eval n_factorial = round(exp(sum_ln_ki))
| stats first(n_factorial) as n_factorial by n

Alternative that performs the exponential calculations at the end and might improve performance. Give it a go too:

| stats count
| fields - count
| eval n = 5
| eval ki = mvrange(1, n+1)
| mvexpand ki
| eval ln_ki = ln(ki)
| eventstats sum(ln_ki) as sum_ln_ki by n
| stats count by n, sum_ln_ki
| eval n_factorial = round(exp(sum_ln_ki))
| fields - count, sum_ln_ki

alt text

Preview file
1 KB
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎09-13-2020 04:49 AM

Here's Stirling's Approximation in SPL: `| eval n! = sqrt(2*pi()*n)*pow(n/exp(1), n)`

Tags (1)
0 Karma
Reply
Solved! Jump to solution

javiergn
Super Champion
‎02-15-2016 01:45 AM

By the way, if you find a different answer that works for you please post it here so that others can benefit from it.

0 Karma
Reply
Solved! Jump to solution

shrirangphadke
Path Finder
‎02-15-2016 11:07 PM

Hey thanks ! and sorry for late reply. Yes it did work for me. Also custom command option seems to be good

0 Karma
Reply
Solved! Jump to solution

stanwin
Contributor
‎02-11-2016 05:14 AM

The splunk eval functions dont offer factorial computator.

You could create a custom command & offload the factorial generation logic to the python code.

http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...

Reply
Solved! Jump to solution

ichaer_splunk
Splunk Employee
Splunk Employee
‎02-11-2016 03:43 AM

You can use a lookup table. Precompute as many factorials as you think you may need (probably not many, considering how quickly they grow) and then look them up as you need.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...