I don't really know how to explain this so I will do my best.
I have a bunch of data that I want to analyze. Each line represents an event and contains a timestamp. I use the following command to narrow down the results to those that occur during times when there is a lot of data in a short period:
sourcetype="csv-4" | timechart span="1m" count | eventstats avg(count) as threshold | where count/1.1 > threshold | eventstats median(count) as threshold | where count > threshold | timechart span="5m" count | where count > 0
In the data, there is a field called NAME. I want to find the top ten names within the filtered out results. I tried this but it did not work:
sourcetype="csv-4" | timechart span="1m" count | eventstats avg(count) as threshold | where count/1.1 > threshold | eventstats median(count) as threshold | where count > threshold | timechart span="5m" count | where count > 0 | top NAME
Could someone please help me?