Hi everyone, Splunk noob here, so I would be grateful for any help! I've been trying to use the percX() function without success, but I think it should be possible to use it to get this done.
Let's say I have a list of records with scores. I need to group them in buckets with the same amount of records in each.
Example:
I have 800 records with the field "score" (integer value) and I need to group them in groups of 20% (sorted by the score). The first bucket would be "the worst 20%", the second bucket the "second worst 20%" and so on.
At the end I need to get a table like this:
Bucket | Avg(some_field) | count
Bucket1 | X | 160 <--- The worst 20%
Bucket2 | X | 160
Bucket3 | X | 160
Bucket4 | X | 160
Bucket5 | X | 160 <--- The top 20%
Thanks!