Solved: countfield question

palisetty · ‎12-27-2019

What is the role of countfield please? What is it doing here?
index="access_log" source="access.log" host="AccessLog" status=500
| top action countfield="HTTP_DESCRIPTION"

vnravikumar · ‎12-27-2019

Hi

For each value returned by the top command, the results also return a count of the events that have that value. This argument specifies the name of the field that contains the count. The count is returned by default. If you do not want to return the count of events, specify showcount=false.

For more info you can check splunk doc:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top

View solution in original post

vnravikumar · ‎12-27-2019

Hi

For each value returned by the top command, the results also return a count of the events that have that value. This argument specifies the name of the field that contains the count. The count is returned by default. If you do not want to return the count of events, specify showcount=false.

For more info you can check splunk doc:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top

countfield question

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

countfield question

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI