V1 - Examples - Top N
Top N: total
function countBySource()
search
let source=f("@source"), timestamp=f("@timestamp")
aggregate count=count() by source
sort 10 count
end
stream eventCount=countBySource()
Related FPL commands: search, f, aggregate, sort, stream
Top N: within an interval of time
function countBySource()
search
let source=f("@source"), timestamp=f("@timestamp")
timechart {span="1h", limit=10} count=count() by source
end
function sizeBySource()
search
let source=f("@source"), size=f("__size__"), timestamp=f("@timestamp")
timechart {span="1h", limit=10} size=sum(size) by source
end
env from="-48h>h", to=">h"
stream eventCount=countBySource()
stream eventSize=sizeBySource()
Related FPL commands: search, f, aggregate, stream, env, timechart
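The two examples above compute the same Top N at different granularities: countBySource() over the whole window, and the timechart variants per hour, once by event count and once by bytes. The Python below is an added illustration, not part of the Fluency documentation or of FPL itself; it reproduces that logic over a constructed batch of events so the bucketing and limit behaviour can be checked by hand. It assumes that the ">h" suffix in env from/to rounds to the hour, and that sources outside the top `limit` are folded into an "OTHER" series rather than dropped. Both are assumptions about how FPL behaves, not statements from the page; the field names (@timestamp, @source, __size__) are the ones the FPL functions read.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def sample_ts(hour, minute=0):
    """Constructed helper: every sample event falls on 2024-01-01 UTC."""
    return datetime(2024, 1, 1, hour, minute, tzinfo=UTC)


# Constructed sample events. Keys mirror the fields the FPL functions read
# with f("@timestamp"), f("@source") and f("__size__") (bytes per event).
EVENTS = [
    {"@timestamp": sample_ts(0, 5),  "@source": "fw-edge",   "__size__": 300},
    {"@timestamp": sample_ts(0, 20), "@source": "fw-edge",   "__size__": 250},
    {"@timestamp": sample_ts(0, 45), "@source": "dc01",      "__size__": 900},
    {"@timestamp": sample_ts(1, 10), "@source": "fw-edge",   "__size__": 310},
    {"@timestamp": sample_ts(1, 30), "@source": "vpn-gw",    "__size__": 120},
    {"@timestamp": sample_ts(1, 50), "@source": "dc01",      "__size__": 850},
    {"@timestamp": sample_ts(2, 15), "@source": "vpn-gw",    "__size__": 130},
    {"@timestamp": sample_ts(2, 40), "@source": "web-proxy", "__size__": 4000},
]


def snap_to_hour(ts):
    """Assumed meaning of the '>h' suffix in env from/to: round down to the hour."""
    return ts.replace(minute=0, second=0, microsecond=0)


def search_window(now, hours_back=48):
    """Assumed equivalent of env from="-48h>h", to=">h": [now-48h, now), hour-aligned."""
    end = snap_to_hour(now)
    return end - timedelta(hours=hours_back), end


def example_window():
    """Window used by the worked example: 'now' is 03:30 on the sample day."""
    return search_window(sample_ts(3, 30))


def count_by_source(events, top_n=10):
    """Mirrors countBySource(): aggregate count=count() by source, then sort top_n count."""
    counts = Counter(e["@source"] for e in events)
    # count descending, then name ascending so ties are deterministic
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]


def timechart(events, start, end, metric, span=timedelta(hours=1), limit=10):
    """Mirrors timechart {span, limit} <metric> by source.

    metric(event) is the per-event contribution: 1 for count(), the byte
    size for sum(size). Sources outside the top `limit` by total over the
    whole window are folded into an "OTHER" series (assumption about limit=).
    """
    buckets = defaultdict(Counter)
    totals = Counter()
    for e in events:
        ts = e["@timestamp"]
        if not (start <= ts < end):
            continue  # outside the env window, as the query would skip it
        bucket = start + ((ts - start) // span) * span
        v = metric(e)
        buckets[bucket][e["@source"]] += v
        totals[e["@source"]] += v
    keep = {s for s, _ in sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]}
    chart = {}
    for bucket in sorted(buckets):
        row = Counter()
        for src, v in buckets[bucket].items():
            row[src if src in keep else "OTHER"] += v
        chart[bucket] = dict(row)
    return chart


if __name__ == "__main__":
    start, end = example_window()
    print("window:", start, "->", end)
    print("top 2 by count:", count_by_source(EVENTS, 2))
    for b, row in timechart(EVENTS, start, end, lambda e: 1, limit=2).items():
        print("count", b.isoformat(), row)
    for b, row in timechart(EVENTS, start, end, lambda e: e["__size__"], limit=2).items():
        print("bytes", b.isoformat(), row)
```

Running both charts over the same window is the point of the second FPL example: in the constructed data, web-proxy sends a single event and never appears in the count chart with limit=2, yet it dominates the bytes chart. A source that is rare by count but large by volume is exactly the kind of ingest spike or misbehaving sender that a count-only Top N hides.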