Splunk Search

Certain Number of Results from a Certain Section of Results

htkhtk
Path Finder

I am working on creating queries to pull a specific number of results from a certain index in the resultset.

An example is MySQL, where you can use LIMIT:

Limit is used to limit your MySQL query results to those that fall within a specified range. You can use it to show the first X number of results, or to show a range from X - Y results. It is phrased as Limit X, Y and included at the end of your query. X is the starting point (remember the first record is 0) and Y is the duration (how many records to display).

How can you do this in Splunk? Thanks!

I am going to add a little bit to the question.

If I get 50 results back from a query, how do I return only results 11-20? I want a specific record number returned, like the X (starting point) in MySQL. I need to use this for a data table (pagination) plug-in I am using. Head doesn't seem to work the way I need it to.

It is also similar to this:

Now suppose you wanted to show results 11-20. With the OFFSET keyword it's just as easy; the following query will do:

SELECT column FROM table LIMIT 10 OFFSET 10

0 Karma

tedder
Communicator

I think what you are after is the head command. However, with Splunk you can get smarter about what you are looking for; I'd suggest using rare and top.

0 Karma

htkhtk
Path Finder

This doesn't quite do what I want. I updated the question above. Thanks.

0 Karma

tedder
Communicator

I said "first", but it's actually "head". Updating URL.

0 Karma

htkhtk
Path Finder

I can't get that page to work... Is there another URL?

0 Karma
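Added example, not part of the thread: one way to express `LIMIT 10 OFFSET 10` (results 11-20) in SPL is to cap the result set with `head` at offset + limit, number the rows with `streamstats`, and drop everything up to the offset with `where`. The first four lines only build 50 constructed results so the search runs on any instance; `event_no`, `label` and `row` are assumed field names, and in practice the base search replaces those lines.

```spl
| makeresults count=50
| streamstats count AS event_no
| eval label="constructed result ".event_no
| fields - _time
| head 20
| streamstats count AS row
| where row > 10
| fields - row
```

The search returns the ten results with `event_no` 11 through 20. For page N of size S, the same pattern is `head N*S` followed by `where row > (N-1)*S`.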