Solved: using spl to pick random names from list

PaulaCom · ‎09-19-2024

Morning All

I am trying to work out how to use splunk spl to pick random names from a list

i have 1 field called 'displayName'. there are over 200 entries and i'd like to use Splunk to pick 5 random names

appreciate help in this

Paula

ITWhisperer · ‎09-19-2024

If your values are in a multi-value field, you can do something like this

| eval choice=mvindex(displayName, random()%200)

If the names are in separate events, you could do something like this

| eval id=random()%500
| sort 0 id
| head 5

PaulaCom · ‎09-19-2024

thank you the second option works for what i need

PaulaCom · ‎09-19-2024

i've looked at similar search online and have come up with this

| table "Display Name"
| eval "group" = (random() % 2) +1
| stats list("Display Name") as "Display Name" by "group"

this is returning random names in two groups

group

display Name

1

joe blogs 5

joe blogs 2

joe blogs 6

2

joe blogs 7

joe blogs 8

joe blogs 12

Any ideas how i can set the number returning for each group? maybe using the limit function???

ITWhisperer · ‎09-19-2024

| eval id=random()
| sort 0 id
| streamstats count as id
| eval group=((id - 1)%5) + 1
| stats list("Display Name") as "Display Name" by group

ITWhisperer · ‎09-19-2024

If your values are in a multi-value field, you can do something like this

| eval choice=mvindex(displayName, random()%200)

If the names are in separate events, you could do something like this

| eval id=random()%500
| sort 0 id
| head 5

using spl to pick random names from list