I am new to Splunk but own a system that uses Splunk as the backend. I want to create a query that only gives me a specific percentage of the possible results that I can then leverage for a phased deployment.
For example, I have 10,000 endpoints reporting in but I want to create a query that gives me a random 50% (5,000) of those endpoints as a result. I can then use that query to target a deployment to the company in two phases.
... View more