Skip to main content

median Grouping Operator

In order to calculate the median value for a particular field, you can utilize the percentile (pct) operator with a percentile argument of 50.

Syntax

pct(<field> [, 50]) [as <field>] [by <field>]

Rules

  • Creates a field with the naming convention: _<field>_pct_50

Examples

For example:

* | parse "data=*" as data
  | pct(data, 50) as median

To calculate the median value of a field called "Len:*" as seconds, and then take the median, use the following query:

| parse "Len: *" as seconds
| pct(seconds,50) as median

Which would return results similar to:

Median.png

Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.