Solved: How to use an additional conditional with the top ...

okug · ‎03-18-2015

Hi,

I have questions about the top command.

First one is pretty simple.
How I can add sequential number column in top result table?

2nd one is.
Is there any way to use an additional conditional to top command? I want to do something like:
top limit=30 and percent > 1 ....
top limit=50 and count >= 10 ....

Thanks!

satishsdange · ‎03-18-2015

| top limit=30 xxx | where count > 10

View solution in original post

pradeepkumarg · ‎03-18-2015

Try this..

| top limit=30 | eval s_no =1 | accum s_no
| top limit=30 | where percent > 1
| top limit=30 | where count >= 10

satishsdange · ‎03-18-2015

| top limit=30 xxx | where count > 10

okug · ‎03-18-2015

Great! Thanks!!
Any idea for 1st question?

ppablo · ‎03-18-2015

Hi @okug

Try and see if the answer on this post can help answer your 1st question.
http://answers.splunk.com/answers/216542/how-to-add-a-first-column-to-number-each-row-in-a.html

okug · ‎04-10-2015

Thanks!

top limit=30 foo| where percent >= 1 | streamstats count as row | fields row,foo,count,percent

worked.

ppablo · ‎04-14-2015

Hi @okug

Great 🙂 glad it worked!

How to use an additional conditional with the top command (ex: count > 10) and add a sequential number column to the table?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann