I would like count to be the first field when I use top, rather than the last (one of my fields is very long and so count scrolls off the right hand side)
I've tried
sourcetype="server" | top limit=10 count, status, message
But that reports a clash in name between input and output field
Error in 'top' command: The output count field conflicts with the input field 'count'. Use the 'countfield' option to specify a different name.
If I try
sourcetype="server" | top limit=10 countfield=countxz countxz, status, message
I get the same message.
sourcetype="server" | top limit=10 countfield=countxz count, status, message
i can't tell if the question is the result of him having a field called "count" as you think, or whether he just wants the "count" field to be the first field. "top" returns fields as "
sourcetype="server" | top 10 status message | fields count, percent, status, message