Solved: Re: How to do this subsearch?

hjwang · ‎05-31-2011

Hi~there, i have logs containing "requestURL" and its "Category" per event. it's easy to count top 10 requestURL, and it displays the table containing "requestURL","count","percent" fileds. now if i wanna append one column named Category in each top 10 row. how can i do this search? or must use lookup table? thanks for your kind help 🙂

Ayn · ‎05-31-2011

Just add "Category" as a parameter to top:

<yourbasesearch> | top 10 requestURL,Category

This gives you the top 10 pairs of requestURL and Category, so if one requestURL would have different values for Category these would be split up, but I'm guessing that is not likely to happen in your logs.

View solution in original post

Ayn · ‎05-31-2011

Just add "Category" as a parameter to top:

<yourbasesearch> | top 10 requestURL,Category

This gives you the top 10 pairs of requestURL and Category, so if one requestURL would have different values for Category these would be split up, but I'm guessing that is not likely to happen in your logs.

hjwang · ‎05-31-2011

Thanks,Ayn. i thought top command just use only one field to caculate.i didn't expect it can do such thing.

How to do this subsearch?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms