Solved: countfield question

palisetty · ‎12-27-2019

What is the role of countfield please? What is it doing here?
index="access_log" source="access.log" host="AccessLog" status=500
| top action countfield="HTTP_DESCRIPTION"

vnravikumar · ‎12-27-2019

Hi

For each value returned by the top command, the results also return a count of the events that have that value. This argument specifies the name of the field that contains the count. The count is returned by default. If you do not want to return the count of events, specify showcount=false.

For more info you can check splunk doc:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top

View solution in original post

vnravikumar · ‎12-27-2019

Hi

For each value returned by the top command, the results also return a count of the events that have that value. This argument specifies the name of the field that contains the count. The count is returned by default. If you do not want to return the count of events, specify showcount=false.

For more info you can check splunk doc:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top

countfield question

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring