Splunk tutorial

Splunk - Top Command Many times we are interested in finding the most common values ​​available in a field. Splunk"s top command helps us achieve this. This further helps in finding the number and percentage of frequency at which values ​​occur in events. Main values ​​of a field In its simplest form, we just get the count and percentage of that number compared to the total number of events. In the example below we find the 8 main productid values. Main values ​​of one field by one field Then we can also include another field as part of the by clause of this top command to display the result of field1 for each set of field2 . In the search below, we find the top 3 products for each filename. Note how the file names are refarted 3 times with a different product id for this file. Show options We can also decide to show columns specific using additional options available in Splunk with the Top command. In the command below, we disable to show percentage option and only show top product ID by filename.