Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to do this subsearch?

hjwang
Contributor
‎05-31-2011 01:26 AM

Hi~there, i have logs containing "requestURL" and its "Category" per event. it's easy to count top 10 requestURL, and it displays the table containing "requestURL","count","percent" fileds. now if i wanna append one column named Category in each top 10 row. how can i do this search? or must use lookup table? thanks for your kind help 🙂

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎05-31-2011 06:20 AM

Just add "Category" as a parameter to top:

<yourbasesearch> | top 10 requestURL,Category

This gives you the top 10 pairs of requestURL and Category, so if one requestURL would have different values for Category these would be split up, but I'm guessing that is not likely to happen in your logs.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎05-31-2011 06:20 AM

Just add "Category" as a parameter to top:

<yourbasesearch> | top 10 requestURL,Category

This gives you the top 10 pairs of requestURL and Category, so if one requestURL would have different values for Category these would be split up, but I'm guessing that is not likely to happen in your logs.

Reply
Solved! Jump to solution

hjwang
Contributor
‎05-31-2011 08:34 PM

Thanks,Ayn. i thought top command just use only one field to caculate.i didn't expect it can do such thing.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...