Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to use an additional conditional with the top ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
okug
New Member
03-18-2015
07:13 AM
Hi,
I have questions about the top command.
First one is pretty simple.
How I can add sequential number column in top result table?
2nd one is.
Is there any way to use an additional conditional to top command? I want to do something like:
top limit=30 and percent > 1 ....
top limit=50 and count >= 10 ....
Thanks!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
satishsdange
Builder
03-18-2015
07:15 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pradeepkumarg
Influencer
03-18-2015
01:11 PM
Try this..
| top limit=30 | eval s_no =1 | accum s_no | top limit=30 | where percent > 1 | top limit=30 | where count >= 10
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
satishsdange
Builder
03-18-2015
07:15 AM
| top limit=30 xxx | where count > 10
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
okug
New Member
03-18-2015
01:04 PM
Great! Thanks!!
Any idea for 1st question?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ppablo
Retired
03-18-2015
04:27 PM
Hi @okug
Try and see if the answer on this post can help answer your 1st question.
http://answers.splunk.com/answers/216542/how-to-add-a-first-column-to-number-each-row-in-a.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
okug
New Member
04-10-2015
10:19 AM
Thanks!
top limit=30 foo| where percent >= 1 | streamstats count as row | fields row,foo,count,percent
worked.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ppablo
Retired
04-14-2015
05:43 PM
Hi @okug
Great 🙂 glad it worked!
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
