I have a Splunk search for a list of users performing a particular task. I want to exclude the top 20 noisy results and fetch the other results. How can I do it?
Please help me with this. My sample query is:
source="x" | stats count by a,b | fields + a,b,count | sort count desc
Now this generates a big list of results, out of which I want to filter out the top 20 noisy results. I tried top 20 followed by the rare command, or tail with the reverse command, but it doesn't fetch the right results.