Hi! I have a summarized field (docsReturned) by customer id that I would like to make a top X pie chart of, while summarizing the fields not displayed in the list under the OTHERS tag that the timechart and top command use. Base command example:
<search here>
| stats sum(docsReturned) by customerId
I assumed it would work in the same way as the others (that I could simply set a limit on the "| stats" transform command) like I can with the timechart command, but that does not seem to be supported.
I also attempted to chain the above search with the top command, but top appears to only work when counting rows? (Can at least not figure out how to make it work based on an already summarized field)
Last but not least I have tested chaining it with the sort command. "| sort 3 -docsReturned" is the closest I have gotten to what I want, but then I am lacking "OTHERS" which is quite important in this scenario..
Sample output that I would like (in a scenario where the dynamic limit is set to 3):
| 1 | Customer 1 | 14079 |
| 2 | Customer 2 | 7015 |
| 3 | Customer 3 | 5302 |
| 4 | OTHER | 6407 |
It seems like this should be an easy thing (since it is available in the timechart and top commands) and hopefully I have simply overlooked something. Fingers crossed that someone here can point me in the right direction?
