I want to find the highest ten results of a search and group the others up. I'm using the following search:
index=foo | stats sum(apple) as fruit by tree |sort limit =2 - fruit | append [search index=foo | stats count sum(apple) as fruit by tree | eval counter=(count-10) | sort limit =counter + fruit | stats sum(fruit) | fillnull value="other" tree]
I've also tried to use the "tonumber" and "convert" functions. It leads to the following error:
Error in 'sort' command: Invalid option value. Expecting a 'non-negative integer' for option 'limit'. Instead got 'counter'
How to get a list like this:
tree1 | 8
tree2 | 5
other | 11