Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find the top 10 events within 24 hours?

N0Excuse_
New Member
‎08-20-2022 06:13 PM

Hi, I am new to Splunk, I would like to create a command where it can find top 10 events happened within 24 hours. 

index="name"  events =*| top 10 User | stats count(User) as Count by User | sort - Count | head 10 

 

Labels (2)
Labels
0 Karma
Reply

jotne
Builder
‎08-21-2022 07:17 AM

Do you like top 10 events per user?

 

index="name"  events =*
| stats count by host events
| sort  host -count
| streamstats count as counter by host
| where counter<11
| fields - counter

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎08-20-2022 09:15 PM

What is the question?  | top 10 User will return ten most populous users and sort in reverse numeric order.  You don't need to count the output.  Are you not getting that with just | top 10 User?

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...