Using 'by' clause overrides 'limit'?

palisetty · ‎01-06-2020

I have used the following
source="C:\Users\spali\Downloads\products\*" host="DESKTOP-K35HBNT"
| top product_name price by Code limit=5

Code product_name price count percent
A Mediocre Kingdoms 24.99 1 100.000000
B Dream Crusher 39.99 1 100.000000
C Final Sequel 24.99 1 100.000000
D World of Cheese 24.99 1 100.000000
E World of Cheese Tee 9.99 1 100.000000
F Puppies vs. Zombies 4.99 1 100.000000
G Curling 2014 19.99 1 100.000000
H Manganiello Bros. 39.99 1 100.000000
I Manganiello Bros. Tee 9.99 1 100.000000
J Orvil the Wolverine 39.99 1 100.000000
K Benign Space Debris 24.99 1 100.000000
L SIM Cubicle 19.99 1 100.000000
M Holy Blade of Gouda 5.99 1 100.000000
N Fire Resistance Suit of Provolone 3.99 1 100.000000
O Grand Theft Scooter 24.99 1 100.000000
P SIM Cubicle Tee 9.99 1 100.000000

I should have got only 5, Why is that I am getting more than that?

to4kawa · ‎01-06-2020

Because Code has 16 values.
limit is limited by each Code.

richgalloway · ‎01-06-2020

Have you tried top limit=5 product_name price by Code or top 5 product_name price by Code?

---
If this reply helps you, Karma would be appreciated.

Using 'by' clause overrides 'limit'?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Are you a member of the Splunk Community?

Using 'by' clause overrides 'limit'?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk