• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC TrueSight IT Data Analytics 2.7

    Page tree

    This search command creates a table of statistics and a corresponding chart to display the most frequent values of a field. The command also supports the optional group by parameter to display the most frequent values for each distinct tuple of values of the group by field.

    This topic contains the following information:

    For a list of all search commands, see Search commands.

    Related topics

    rare search command

    stats search command

    Getting started with search

    Syntax

    top limit=<int> <field> [by <field>]

    In the preceding syntax,the following definitions apply:

    • [expression] indicates it is optional.
    • <int> refers to an integer value that represents the maximum number of results to return.
    • by <field> refers to the group by parameter that can be optionally used to group the result set by the specified field.

    Short examples

    Example 1: Return the 10 most common values of the HOST field.

    ... | top limit=10 HOST 

    Example 2: Return the most common data-pattern values for each host.

    ... | top limit=5 DATA_PATTERN by HOST

    Example 3: Return the most common request types based on the client IP address.

    ... | top limit=5 RequestType by ClientIp

    Example 4: Return the most common request type.

    ... | top limit=1 RequestType

    Long examples

     The following sample data and sample indexed data (displayed on the Search tab) will help you understand the examples of using the top command.

    Sample data

    10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 404 100
    10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 201 150
    10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 201 200
    10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 200 100

    Back to examples ↑

    Sample indexed data

    10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 200 100
    HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=200 |RequestType=POST|RequestURL=/themes/ComBeta/images/bullet.png
    10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 201 200
    HOST=local.bmc.com |ResponseSize=200|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=201 |RequestType=PUT|RequestURL=/themes/ComBeta/images/bullet.png
    10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 201 150
    HOST=local.bmc.com |ResponseSize=150|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=201 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png
    10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png 
    HTTP/1.1" 404 100
    HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=404 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png

    Back to examples ↑

    Find most frequent values for a field (with limit=5)

    In this example, you use the command to see a table of statistics (and a multiseries chart) displaying the most used request types.

    For each request type, a count indicating the number of times the request was made is displayed.

    Command

    ... | top limit=5 RequestType

    Output

    RequestTypeCount
    GET2
    POST1
    PUT1

    Back to examples ↑

    Find most frequent values for a field grouped by another field (with limit=5)

    In this example, you use the command to see a table of statistics (and a multiseries chart) displaying the most common request types and to understand from which client IP addresses these request types originate.

    For each request type, a count is displayed, indicating the number of times the request was made per client IP address.

    Command

    ... | top limit=5 RequestType by ClientIp

    Output

    ClientIpRequestTypeCount

    10.1.1.140

    		GET2
    10.1.1.141POST1
    10.1.1.141PUT1

    Back to examples ↑

    Find most frequent values for a field (with limit=1)

    In this example, you use the command to see a table of statistics (and a multiseries chart) displaying the most common request type.

    Command

    ... | top limit=1 RequestType

    Output

    RequestTypeCount
    GET2

    Back to examples ↑

    Find most frequent values for a field grouped by another field (with limit=1)

    In this example, you use the command to see a table of statistics (and a multiseries chart) displaying the most common request type grouped by the ClientIp field.

    Command

    ... | top limit=1 RequestType by ClientIp

    Output

    ClientIpRequestTypeCount
    10.1.1.140GET2
    10.1.1.141POST1

    Back to examples ↑

    Note

     If the number of occurrences of the field used for the by parameter is too large (for example, 500), then the count of values displayed is an approximate value.

     

    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.