This page explains how to use the percentiles_array function in APL.
Use `percentiles_arrayif` to calculate approximate percentile values for a numeric expression when a certain condition evaluates to true. This function is useful when you want an array of percentiles instead of a single percentile. You can use it to understand data distributions in scenarios such as request durations, event processing times, or security alert severities, while filtering on specific criteria.

Splunk SPL users

In Splunk SPL, you use `perc<percent>` or `percN()` to compute percentile estimates. In APL, you use `percentiles_arrayif` and provide a predicate to define which records to include in the computation.

ANSI SQL users

In ANSI SQL, you use `PERCENTILE_DISC` or `PERCENTILE_CONT`, or write multiple `CASE` expressions for conditional aggregation. In APL, you can achieve similar functionality with `percentiles_arrayif` by passing the numeric field and condition to the function.

- `Field` is the name of the field for which you want to compute percentile values.
- `Array` is a dynamic array of one or more numeric percentile values (between 0 and 100).
- `Condition` is a Boolean expression that indicates which records to include in the calculation.

Use `percentiles_arrayif` to analyze request durations in HTTP logs while filtering for specific criteria, such as certain HTTP statuses or geographic locations.

Query

percentiles_req_duration_ms |
---|
0.7352 ms |
1.691 ms |
1.981 ms |
2.612 ms |
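
The following query is an added example, not the query from the original page. It applies the three parameters described above to compare the latency distribution of successful requests with that of server errors in hourly windows. The dataset name `['sample-http-logs']`, the string-typed `status` field, and the output column names `ok_pcts` and `err_pcts` are assumptions.

```kusto
// Added example. Assumed: a dataset named ['sample-http-logs'] with a numeric
// req_duration_ms field and a string status field.
['sample-http-logs']
| summarize
    // Field = req_duration_ms, Array = requested percentiles, Condition = predicate
    ok_pcts = percentiles_arrayif(req_duration_ms, dynamic([50, 90, 95, 99]), status == '200'),
    err_pcts = percentiles_arrayif(req_duration_ms, dynamic([50, 90, 95, 99]), status == '500')
  by bin(_time, 1h)
```

Each output row holds two arrays with one value per requested percentile, so a widening gap between `ok_pcts` and `err_pcts` in a given hour shows that failing requests follow a different latency profile from successful ones.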