Splunk - Top Command




Often we want to find the most common values of a field. The top command in Splunk does exactly this: it returns the most frequent values of a field, together with the number of events carrying each value (count) and the share of events that value accounts for (percent).

Top Values for a Field

In its simplest form, top returns each value's count and its percentage of the total number of events, sorted with the most frequent value first. By default top returns 10 values; the limit option changes that. In the example below we find the 8 most common productid values.

[Screenshot: top_1.jpg]

Top Values for a Field by a Field

Next, we can add a by clause to the top command to list the top values of field1 separately for each value of field2. In the search below we find the top 3 productid values for each file name. Note how each file name is repeated 3 times, once for each of its top productid values.

[Screenshot: top_2.jpg]

Show Options

We can also control which columns appear by using the options the top command accepts, such as showperc=false to hide the percent column, showcount=false to hide the count column, and limit=N to change how many values are returned. In the command below we set showperc=false and display only the top product IDs by file name with their counts, without the percentage.
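To make the behaviour of the three searches above concrete, here is an added Python re-implementation of top (it is not Splunk code and not part of the original page). It reproduces the count and percent columns, the by clause, and the limit, showcount and showperc options over a small set of constructed sample events. The SPL equivalents are `| top limit=8 productid`, `| top limit=3 productid by filename` and `| top productid by filename showperc=false`. The example assumes, as Splunk does, that events lacking the field are not counted, that percent is computed relative to the events in the same by-group, and, as a choice of this example only, that groups are ordered by total count and ties are broken alphabetically.

```python
from collections import Counter, defaultdict

# Constructed sample events (not from the original page): a few web-access
# records with the product ID requested and the file that served the request.
SAMPLE_EVENTS = [
    {"filename": "cart.do", "productid": "WC-SH-G04"},
    {"filename": "cart.do", "productid": "WC-SH-G04"},
    {"filename": "cart.do", "productid": "DB-SG-G01"},
    {"filename": "cart.do", "productid": "MB-AG-G07"},
    {"filename": "cart.do", "productid": "FS-SG-G03"},
    {"filename": "product.screen", "productid": "WC-SH-G04"},
    {"filename": "product.screen", "productid": "DB-SG-G01"},
    {"filename": "product.screen", "productid": "DB-SG-G01"},
    {"filename": "product.screen", "productid": "DB-SG-G01"},
    {"filename": "success.do", "productid": "MB-AG-G07"},
    {"filename": "success.do"},  # no productid: top ignores this event
]


def top(events, field, by=None, limit=10, showcount=True, showperc=True):
    """Python approximation of Splunk's `top [limit=N] field [by byfield]`.

    Returns a list of result rows (dicts) with the by-field (if any), the
    field value, and optional count/percent columns, most frequent first.
    """
    # One Counter per by-group; a single group keyed by None without a by clause.
    groups = defaultdict(Counter)
    for ev in events:
        if field not in ev or (by is not None and by not in ev):
            continue  # events missing the field (or the by-field) are skipped
        key = ev[by] if by is not None else None
        groups[key][ev[field]] += 1

    # Order groups by total event count, then name (an ordering chosen here
    # for deterministic output; Splunk's own group ordering may differ).
    ordered_groups = sorted(groups.items(), key=lambda kv: (-sum(kv[1].values()), str(kv[0])))

    rows = []
    for key, counter in ordered_groups:
        total = sum(counter.values())  # denominator for percent is the group
        ranked = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]
        for value, count in ranked:
            row = {}
            if by is not None:
                row[by] = key
            row[field] = value
            if showcount:
                row["count"] = count
            if showperc:
                row["percent"] = round(100.0 * count / total, 6)
            rows.append(row)
    return rows


def print_table(rows):
    """Render rows roughly the way Splunk's statistics tab would."""
    if not rows:
        print("(no results)")
        return
    cols = list(rows[0].keys())
    widths = {c: max(len(c), *(len(str(r[c])) for r in rows)) for c in cols}
    print("  ".join(c.ljust(widths[c]) for c in cols))
    for r in rows:
        print("  ".join(str(r[c]).ljust(widths[c]) for c in cols))


if __name__ == "__main__":
    print("| top limit=8 productid")
    print_table(top(SAMPLE_EVENTS, "productid", limit=8))
    print("\n| top limit=3 productid by filename")
    print_table(top(SAMPLE_EVENTS, "productid", by="filename", limit=3))
    print("\n| top productid by filename showperc=false")
    print_table(top(SAMPLE_EVENTS, "productid", by="filename", showperc=False))
```

Running the block shows the effect of the by clause on percent: cart.do has four distinct product IDs but limit=3 keeps only three rows for it, and each row's percent is relative to cart.do's five events, not to all ten events that carry a productid.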

[Screenshot: top_3.jpg]
