
Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras


Search command – top/rare

A quick way to get a summarized table of a field's values is to use the top and rare commands. Run this search command:

SPL> index=main | top http_uri

Notice that the result automatically groups the events by URL with a count for each, calculates the percentage of each row against the whole data set, and sorts the rows by count in descending order. You can see a sample result in the following screenshot:

You may further tweak this search command by adding command options such as limit and showperc. Say, for example, you only want to see the top five URLs, but you do not want to see the percent column. This is the SPL to achieve that:
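As an added example (not code from the book), the following Python sketch models what top and rare compute for a field, including the effect of the limit and showperc options. The sample events and the names `EVENTS` and `summarize` are constructed for illustration; the percent base, tie ordering and `limit=0` behaviour are assumptions noted in the code.

```python
from collections import Counter

# Constructed sample events (not from the book); one dict per indexed event.
EVENTS = (
    [{"http_uri": "/home"}] * 5
    + [{"http_uri": "/login"}] * 3
    + [{"http_uri": "/cart"}] * 1
    + [{"http_uri": "/admin/config.bak"}] * 1
    + [{"http_method": "GET"}] * 2  # no http_uri field: ignored by the summary
)

def summarize(events, field, limit=10, showperc=True, rare=False):
    """Model of `top <field>`, or of `rare <field>` when rare=True.

    Assumptions of this sketch: percent is taken over the events that carry
    the field, ties are broken by value so output is repeatable, and
    limit=0 means "return every value".
    """
    counts = Counter(e[field] for e in events if field in e)
    total = sum(counts.values())
    # top ranks the highest counts first; rare ranks the lowest first.
    sign = 1 if rare else -1
    ranked = sorted(counts.items(), key=lambda kv: (sign * kv[1], kv[0]))
    if limit:
        ranked = ranked[:limit]
    rows = []
    for value, count in ranked:
        row = {field: value, "count": count}
        if showperc:
            row["percent"] = round(100.0 * count / total, 6)
        rows.append(row)
    return rows

if __name__ == "__main__":
    views = {
        "top (defaults)": summarize(EVENTS, "http_uri"),
        "top, limit=2, showperc off": summarize(
            EVENTS, "http_uri", limit=2, showperc=False),
        "rare, limit=2": summarize(EVENTS, "http_uri", limit=2, rare=True),
    }
    for title, rows in views.items():
        print(title)
        for row in rows:
            print("  ", row)
```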
