Solved: Sorting top 10 values of one column base on the va...

sdhawanx · ‎01-04-2021

I have a search query that gives the supposed following results(just an example).

Name	WW	Name2	Result	Type	Value
Abc	50.5	Prod	Pass	A	1280
Xyz	47.2	Prod	Pass	Dr	Sound
Abc	51.3	Test	Fail
Def	8.2	Test	Fail	Td	Wifi
Def	44.2	Prod2	Pass	Gf	Printer
Xyz	6.2	Test1	Fail	Fr	Audio
Abc	451	Prod1	Pass	Cs	Audio

now i am required to sort out the results in such a way that the top 10 results for ABC as per WW are displayed first, then top 10 results for Def as per WW and so on. Can someone help me out to see if this is possible through queries.

ITWhisperer · ‎01-04-2021

What has this to do with regex?

Sort your table by Name (ascending) and WW (descending), then use streamstats to add a count by Name called row (for example), then a where clause where row < 11

| sort Name -WW
| streamstats count as row by Name
| where row < 11

View solution in original post

ITWhisperer · ‎01-04-2021

What has this to do with regex?

Sort your table by Name (ascending) and WW (descending), then use streamstats to add a count by Name called row (for example), then a where clause where row < 11

| sort Name -WW
| streamstats count as row by Name
| where row < 11

sdhawanx · ‎01-04-2021

I am using Regex in my queries that are effecting the results in this table. but I was advised not to put the query here as it has some proprietary data, so i edited the question but I forgot to take to the regex tag. Sorry missing that out.

sdhawanx · ‎01-04-2021

This works fine. Thanks for the help. Cheers...

Sorting top 10 values of one column base on the value of the other column.

chart

regex

table

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases