I currently have a search that gives me the top counts by time and site. For example, I might get the following results:
Date Site Count
2013-05-01 14:25:00 den01 5729
2013-05-01 14:27:00 den01 5727
2013-05-01 14:12:00 oma01 5698
2013-05-01 14:00:00 den01 5663
2013-05-01 14:04:00 oma01 3961
2013-05-01 14:03:00 atl01 3870
2013-05-01 15:02:00 den01 3666
2013-05-01 14:05:00 oma01 3588
2013-05-01 14:04:00 atl01 2559
2013-05-01 14:03:00 oma01 2554
However, I only want the top results per site. Like this:
Date Site Count
2013-05-01 14:25:00 den01 5729
2013-05-01 14:12:00 oma01 5698
2013-05-01 14:03:00 atl01 3870
I'm not sure how to do this. Any help would be greatly appreciated. Thanks!
dedup may work, but that depends on the sort.
... | fields Date, Site, Count | eventstats max(Count) as MaxCount by Site | where Count=MaxCount | table Date, Site, Count
Ah, geez. Answered it myself.
| dedup Site
I knew it was too easy.
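The sort dependency mentioned in the thread, shown as an added example that is not from the original posts: `dedup` keeps the first row it sees for each Site, so the rows have to be ordered by Count, highest first, before it runs. The sample rows are taken from the question and deliberately placed out of order; generating them with `makeresults format=csv` assumes a Splunk version that supports that option.

```spl
| makeresults format=csv data="Date,Site,Count
2013-05-01 14:00:00,den01,5663
2013-05-01 14:03:00,atl01,3870
2013-05-01 14:04:00,atl01,2559
2013-05-01 14:04:00,oma01,3961
2013-05-01 14:12:00,oma01,5698
2013-05-01 14:25:00,den01,5729"
| sort 0 -num(Count)
| dedup Site
| table Date, Site, Count
```

Without the `sort` line, `dedup Site` would keep the 14:00 row for den01 and the 14:04 row for oma01, because those come first in the input.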