Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Display top 3 Employees by Class Frequency

efelder0
Communicator
‎08-07-2012 08:37 AM

I have 2 fields in CSV that I want to only display the top 3 employees by the Class frequency. I know the Top command will suffice, but not sure of the syntax.

Here is a sampling of data:
Employee_ID Class_Frequency
tsmith 2388
mjones 81
smurphy 6591
tpayne 1309
jjones 109

Tags (2)
0 Karma
Reply

jfreund
Explorer
‎12-15-2014 01:26 PM

| top limit=3 Class_Frequency by Employee_ID showcount=f showperc=f

0 Karma
Reply

dmaislin_splunk
Splunk Employee
Splunk Employee
‎08-07-2012 08:58 AM 
 * | chart count(Employee_ID) as count by Class_Frequency | sort - count | head 3

or


 * | stats count(Employee_ID) by Class_Frequency | sort - count | head 3
Reply

efelder0
Communicator
‎08-07-2012 10:44 AM

sort - Classification_Frequency | head 3 worked..

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...