head


This search command provides the first N number of search results. When you run this command, the events that were indexed first (the earliest records) are displayed in ascending order. You can specify a limit in the syntax to return the maximum number (N) of search results. If you run this command without specifying a limit, by default the product returns the first 10 results.

This topic contains the following information:

For a list of all search commands, see Search-commands.

Related topics

Where to find more information

Syntax

head n 

OR

head limit=<integer>

In the preceding syntax, n or <integer> refers to an integer value that indicates the maximum number of records that you want to see.

Short examples

Example 1: Return the first 10 records.

... | head 

Example 2: Return the first 20 records.

... | head limit=20

Example 2: Return the first 2 records.

... | head 2

Long example

The following sample data and sample indexed data (displayed on the Search tab) will help you understand the examples of using the head command.

Sample data

10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png
HTTP/1.1" 404 100

10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png
HTTP/1.1" 201 150

10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png
HTTP/1.1" 201 200

10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png
HTTP/1.1" 200 100

Back to examples ↑

Sample indexed data

10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png
HTTP/1.1" 200 100

HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=200 |RequestType=POST|RequestURL=/themes/ComBeta/images/bullet.png

10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png
HTTP/1.1" 201 200

HOST=local.bmc.com |ResponseSize=200|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=201 |RequestType=PUT|RequestURL=/themes/ComBeta/images/bullet.png

10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png
HTTP/1.1" 201 150

HOST=local.bmc.com |ResponseSize=150|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=201 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png

10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png
HTTP/1.1" 404 100

HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=404 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png

Back to examples ↑

head with limit option

In this example, you use the command to find the first two records that occurred (as per the event time stamp).

Command

... | head 2

OR

... | head limit=2

Output

10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/
images/bullet.png HTTP/1.1" 201 15
HOST=local.bmc.com |ResponseSize=150|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140
ResponseCode=201 RequestType=GETRequestURL=/themes/ComBeta/images/bullet.png ======

10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/
images/bullet.png HTTP/1.1" 404 100

HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140
|ResponseCode=404 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png

Back to examples ↑

Note

Using very large limit sizes can negatively impact your system performance.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC TrueSight IT Data Analytics 2.1