Event sampling can be used to determine the characteristics of a large set of data without processing every event. In this example, the sample() function is used to keep 2% of the events. If used as part of a query, these randomly selected events are passed to the next stage of the query.

The query is used to sample events keeping only specified percentage of the events. Event sampling can be used to determine the characteristics of a large set of data without processing every event. Sampling is useful in, for example, survey analysis making it possible to draw conclusions without surveying all events. Sampling can also be used to filter on both frequently and infrequently occurring events.

Event sampling can be used to determine the characteristics of a large set of data without processing every event. In this example, the sample() function is used to keep 0.1% of the events and find the most common hosts among the sampled events.

The query is used to sample events keeping only specified percentage of the events, and then find the most common host among the sampled events. Event sampling can be used to determine the characteristics of a large set of data without processing every event. Sampling is useful in for example survey analysis making it possible to draw conclusions without surveying all events. Sampling can also be used to filter on both frequently and infrequently occurring events.