Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Certain Number of Results from a Certain Section of Results

htkhtk
Path Finder
‎12-16-2010 02:41 PM

I am working on creating queries to pull a specific number of results from a certain index in the resultset.

An example is for MySQL, you can use LIMIT

Limit is used to limit your MySQL query results to those that fall within a specified range. You can use it to show the first X number of results, or to show a range from X - Y results. It is phrased as Limit X, Y and included at the end of your query. X is the starting point (remember the first record is 0) and Y is the duration (how many records to display).

How can you do this in splunk? Thanks!

I am going to add a little bit to the question.

If I have get 50 results back from a query. How do I return only results 11-20? I want a specific record number returned like the X (starting point) in MySQL. I need to use this for a data table (pagination) plug-in I am using. Head doesn't seem to work the way I need it to.

It is also similar to this:

Now suppose you wanted to show results 11-20. With the OFFSET keyword its just as easy, the following query will do:

SELECT column FROM table LIMIT 10 OFFSET 10

Tags (2)
0 Karma
Reply

tedder
Communicator
‎12-16-2010 04:12 PM

I think what you are after is the head command. However, with Splunk you can get smarter about what you are looking for- I'd suggest using rare and top.

0 Karma
Reply

htkhtk
Path Finder
‎12-17-2010 05:01 PM

This doesn't quite do what I want. I updated the question above. Thanks.

0 Karma
Reply

tedder
Communicator
‎12-16-2010 06:52 PM

I said "first", but it's actually "head". Updating URL.

0 Karma
Reply

htkhtk
Path Finder
‎12-16-2010 05:17 PM

I can't get that page to work... Is there another URL?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...