Certain Number of Results from a Certain Section o...

htkhtk · ‎12-16-2010

I am working on creating queries to pull a specific number of results from a certain index in the resultset.

An example is for MySQL, you can use LIMIT

Limit is used to limit your MySQL query results to those that fall within a specified range. You can use it to show the first X number of results, or to show a range from X - Y results. It is phrased as Limit X, Y and included at the end of your query. X is the starting point (remember the first record is 0) and Y is the duration (how many records to display).

How can you do this in splunk? Thanks!

I am going to add a little bit to the question.

If I have get 50 results back from a query. How do I return only results 11-20? I want a specific record number returned like the X (starting point) in MySQL. I need to use this for a data table (pagination) plug-in I am using. Head doesn't seem to work the way I need it to.

It is also similar to this:

Now suppose you wanted to show results 11-20. With the OFFSET keyword its just as easy, the following query will do:

SELECT column FROM table LIMIT 10 OFFSET 10

tedder · ‎12-16-2010

I think what you are after is the head command. However, with Splunk you can get smarter about what you are looking for- I'd suggest using rare and top.

htkhtk · ‎12-17-2010

This doesn't quite do what I want. I updated the question above. Thanks.

tedder · ‎12-16-2010

I said "first", but it's actually "head". Updating URL.

htkhtk · ‎12-16-2010

I can't get that page to work... Is there another URL?

Certain Number of Results from a Certain Section of Results

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!