Related Answers
Download topic as PDF
Statistical eval functions
The following list contains the evaluation functions that you can use to calculate statistics.
For information about using string and numeric fields in functions, and nesting functions, see Evaluation functions.
In addition to these functions, there is a comprehensive set of statistical functions that you can use with the stats, chart, and related commands.
max(X,...)
Description
This function takes an arbitrary number of numeric or string arguments, and returns the maximum. Strings are greater than numbers.
Usage
You can use this function with the eval, fieldformat, and where commands, and as part of eval expressions.
Basic example
The following example returns either "foo" or field, depending on the value of field.
... | eval n=max(1, 3, 6, 7, "foo", field)
min(X,...)
Description
This function takes an arbitrary number of numeric or string arguments, and returns the minimum. Strings are greater than numbers.
Usage
You can use this function with the eval, fieldformat, and where commands, and as part of eval expressions.
Basic example
The following example returns either 1 or field, depending on the value of field.
... | eval n=min(1, 3, 6, 7, "foo", field)
random()
Description
This function takes no arguments and returns a pseudo-random integer ranging from zero to 231-1.
Usage
You can use this function with the eval, fieldformat, and where commands, and as part of eval expressions.
Basic example
The following example returns a random integer, such as 0...2147483647.
... | eval n=random()
|
PREVIOUS Multivalue eval functions |
NEXT Text functions |
This documentation applies to the following versions of Splunk Cloud™: 6.6.3, 7.2.6, 7.0.0, 7.0.3, 7.0.5, 7.0.8, 7.1.3, 7.1.6, 7.2.3, 7.2.4, 7.0.2
Feedback submitted, thanks!