top

Version: v4.23
top
Shows the most common values. The dual to rare.
top x:field
Description
Shows the most common values for a given field. For each value, a new event containing its count will be produced. In general, top x is equivalent to:
summarize x, count=count() sort -count
Potentially High Memory Usage
Take care when using this operator with large inputs.
x: field
The field to find the most common values for.
Examples
Find the most common values
from [ {x: "B"}, {x: "A"}, {x: "A"}, {x: "B"}, {x: "A"}, {x: "D"}, {x: "C"}, {x: "C"}, ] top x
{x: "A", count: 3} {x: "B", count: 2} {x: "C", count: 2} {x: "D", count: 1}
Show the 5 top-most values
top id.orig_h head 5
Edit this page

Description​

x: field​

Examples​

Find the most common values​

Show the 5 top-most values​

Description

`x: field`

Examples

Find the most common values

Show the 5 top-most values