Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Display top 3 Employees by Class Frequency

efelder0
Communicator
‎08-07-2012 08:37 AM

I have 2 fields in CSV that I want to only display the top 3 employees by the Class frequency. I know the Top command will suffice, but not sure of the syntax.

Here is a sampling of data:
Employee_ID Class_Frequency
tsmith 2388
mjones 81
smurphy 6591
tpayne 1309
jjones 109

Tags (2)
0 Karma
Reply

jfreund
Explorer
‎12-15-2014 01:26 PM

| top limit=3 Class_Frequency by Employee_ID showcount=f showperc=f

0 Karma
Reply

dmaislin_splunk
Splunk Employee
Splunk Employee
‎08-07-2012 08:58 AM 
 * | chart count(Employee_ID) as count by Class_Frequency | sort - count | head 3

or


 * | stats count(Employee_ID) by Class_Frequency | sort - count | head 3
Reply

efelder0
Communicator
‎08-07-2012 10:44 AM

sort - Classification_Frequency | head 3 worked..

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...