Splunk Search

Top 10 per group

Explorer

Is there a way to get the top 10 count for a number of groupings, e.g.:

Col1    Col2    Count
G1      SG1     10
G1      SG2     8
G1      SG3     6
G2      SG4     21
G2      SG5     5
G2      SG6     1

So I have the top 10 for G1, then the top 10 for G2.

0 Karma
1 Solution

Esteemed Legend

Just do this:

... | sort 0 - Count
| dedup 10 Col1


0 Karma
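The accepted search, as an added example that is not part of the original post, run against the question's six sample rows so it can be pasted into a search bar as-is. The field name constructed_sample and the limit of 2 (instead of 10, so the cut-off is visible on three rows per group) are assumptions; `sort 0` lifts the default 10,000-result cap of `sort`, and the final `sort` only regroups the output by Col1.

```spl
| makeresults
| eval constructed_sample="G1,SG1,10;G1,SG2,8;G1,SG3,6;G2,SG4,21;G2,SG5,5;G2,SG6,1"
| makemv delim=";" constructed_sample
| mvexpand constructed_sample
| rex field=constructed_sample "^(?<Col1>[^,]+),(?<Col2>[^,]+),(?<Count>\d+)$"
| eval Count=tonumber(Count)
| table Col1 Col2 Count
| sort 0 -Count
| dedup 2 Col1
| sort 0 Col1, -Count
```

On real data, replace everything above `sort 0 -Count` with the search that produces Col1, Col2 and Count, and set the `dedup` limit back to 10.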
