Skip to main content

top Search Operator

Use the top operator with the sort operator, to reduce the number of sorted results returned.

tip

We recommend you instead use the topk operator so you can take advantage of its additional functionality.

Syntax

top <#> <field> [by <group_by_operator>]

Examples

List the Top 5 source categories with errors

Use the following query to list the top 5 source categories with errors, and get their count.

error | top 5 _sourcecategory

which produces results like:

example

You can use the following query to get the same results, but make the count explicit:

error | top 5 _sourcecategory by count

List the Top 10 source categories by message time

This query lists the top 10 source categories by message time, without an explicit count.

error | top 10 _sourcecategory by _messagetime

which produces results like:

example

Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.