The query produces multiple pages of results. How do I move the total to the top (first) row for convenience?
search query | eval dayOfWeek=strftime(_time, "%A"), date=strftime(_time, "%Y...
Hello there, I want to make a top 10 of applications based on top 10 of categories. Here is an example: Category Nb of alert / category Application Nb of alert (by app for this c...
...otalsbomb > 10) | sort -sbomb Tried top but can only get one or the other and I need to pass dest,totalsbomb and totalsbimb with the top event.
I keep finding ways to get one but not the o...
How to display top 10 and replace the rest with others? I tried using top limit 5 with userother, but the number didn't match and showed other fields like count, percent and _tc. ...
I'm currently building a query that reports the top 10 urls of the top 10 users. Although my current query works, I would like a cleaner look. Query:
index="zscaler" s...
I'm trying to run a query to figure out the top 10 src_ip's along with their top 10 urls visited. When I try the below query it's giving me every src_ip instead of just the top 10.
Any s...
...lahblah9
And I want to get the Top 2 websites listing for only Top 2 users per website; hence the following table output is what I'm trying to get:
Website User
abc.com user1
abc.com user2
def.com u...
Hello All,
I have been able to create a table that lists the top users that have been uploading files the most to cloud storage services for a certain time range as set in shared time picker with t...
I'm using a pretty straightforward query to see how many unique HTTP status codes are thrown from an IIS server during a given time period: index=foo host=bar sourcetype=iis85
| top s...