In the Splunk UI, on the left-hand side after the query search, you can find the fields and the top 10 values (their percentage and count) for all the fields.
I would like to use this programmatically. Is there any way I can get it using the Splunk SDK, or any query that would give the same result?
Thanks in advance.
It leverages the top (and rare) command.
It does? 😮
It does when you open in search:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top
The field sidebar in the UI doesn't run infinitely many top commands.
True enough.
This API endpoint has the data you're looking for: https://docs.splunk.com/Documentation/Splunk/8.0.2/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7...