I want to find the highest ten results of a search and group the others up. I'm using the following search:
index=foo | stats sum(apple) as fruit by tree |sort limit =2 - fruit | append [search index=foo | stats count sum(apple) as fruit by tree | eval counter=(count-10) | sort limit =counter + fruit | stats sum(fruit) | fillnull value="other" tree]
I've also tried to use the "tonumber" and "convert" functions. It leads to the following error:
Error in 'sort' command: Invalid option value. Expecting a 'non-negative integer' for option 'limit'. Instead got 'counter'
How to get a list like this:
tree1 | 8
tree2 | 5
other | 11
I would try like this
index=foo | stats sum(apple) as fruit by tree | sort 0 -fruit | streamstats count as rank | eval tree=if(rank=1 OR rank=2, tree, "other")
| stats sum(fruit) as fruit by tree
This answer may be fitted for the question. However, it does not answer the question: how to use a variable to limit a list. I want to limit the number of bars in a barchart, depending on the days of the month. I can calculate the number of days, but when I use that variable to fill in the limit parameter, I got the same error as mentioned above.
It works, thank you very much
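An added example, not part of the original posts: the rank approach from the answer with the cutoff held in a field, since the limit option of sort is read as a literal and cannot take a field value. The makeresults rows are constructed sample data standing in for index=foo, and counter=2 is an assumed cutoff that can be replaced by any eval expression; is_other is a hypothetical helper field used only to keep the "other" row last.

```spl
| makeresults count=6
| streamstats count as n
| eval tree="tree".tostring(n), fruit=case(n=1,8, n=2,5, n=3,4, n=4,3, n=5,2, n=6,2)
| fields tree fruit
| sort 0 -fruit
| streamstats count as rank
| eval counter=2
| eval tree=if(rank<=counter, tree, "other")
| stats sum(fruit) as fruit by tree
| eval is_other=if(tree="other", 1, 0)
| sort 0 is_other -fruit
| fields - is_other
```

On the sample rows this returns tree1 with 8, tree2 with 5 and other with 11.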