Within each record in a query I have two fields, c_ip and cs_bytes which is numeric. How can I get the top 10 c_ip values for the highest sum total of the cs_bytes field? The direction I've tried is a stats sum(cs_bytes) by c_ip.
You can search:
... | stats sum(cs_bytes) as bytes by c_ip | sort - bytes | head 10
You can search:
... | stats sum(cs_bytes) as bytes by c_ip | sort - bytes | head 10