
Utility Functions - top


top

  • top N or top N by term2

Sort by count() in descending order.

top 10 source   // top 10 sources by count
top 1 source by tag   // top 1 source for each tag

Example:

search
let {ClientIP}=f("@fields")
aggregate count=count() by ClientIP
top 10 ClientIP

This example produces the same result as the sort example. If you use the top command, you don't need the aggregation statement to count "ClientIP". Without a by after top, the order is determined by the count by default.