V1 - Utility Functions - top

top

  • top N (term) or top N (term1) by term2

Sort by count() in descending order.

top 10 source   // top 10 sources by count
top 1 source by tag   // top 1 source for each tag

Example:

search
let {ClientIP}=f("@fields")
aggregate count=count() by ClientIP
top 10 ClientIP

This example produces the same result as the sort example. If you use the top command, you don't need the aggregate statement to count the "ClientIP". Without a by clause after top, the order is determined by the count by default.