Sample Event Streams - Example 1 | LogScale Query Examples

Sample Event Streams - Example 1

Sample events keeping only specified percentage of the events using the sample() function

Query

logscale

sample(percentage=2)

Introduction

Event sampling can be used to determine the characteristics of a large set of data without processing every event. In this example, the sample() function is used to keep 2% of the events. If used as part of a query, these randomly selected events are passed to the next stage of the query.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[(Filter Function)] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ffbf00; style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
sample(percentage=2)
```
Samples events keeping only 2% of the events.
Event Result set.

Summary and Results

The query is used to sample events keeping only specified percentage of the events. Event sampling can be used to determine the characteristics of a large set of data without processing every event. Sampling is useful in, for example, survey analysis making it possible to draw conclusions without surveying all events. Sampling can also be used to filter on both frequently and infrequently occurring events.

Examples Library