top

top

Synopsis

Displays the most common values of a field.

Syntax

top [<top-opt>]* <field-list> [<by-clause>]

Arguments

<by-clause>

Syntax: by <field-list>

Description: The name of one or more fields to group by.

<field-list>

Syntax: <string>,...

Description: Comma-delimited list of field names.

<top-opt>

Syntax: countfield=<string> | limit=<int> | percentfield=<string> | rare=<bool> | showcount=<bool> | showperc=<bool>

Description: Options for top.

Top options

countfield

Syntax: countfield=<string>

Description: Name of a new field to write the value of count, default is "count".

limit

Syntax: limit=<bool>

Description: Specifies how many tuples to return, "0" returns all values.

percentfield

Syntax: percentfield=<string>

Description: Name of a new field to write the value of percentage, default is "percent".

rare

Syntax: rare=<bool>

Description: When true, evokes the behavior of calling the rare command; default is false.

showcount

Syntax: showcount=<bool>

Description: Specify whether to create a field called "count" (see "countfield" option) with the count of that tuple. Default is true.

showperc

Syntax: showperc=<bool>

Description: Specify whether to create a field called "percent" (see "percentfield" option) with the relative prevalence of that tuple. Default is true.

Description

Finds the most frequent tuple of values of all fields in the field list, along with a count and percentage. If a the optional by-clause is provided, we will find the most frequent values for each distinct tuple of values of the group-by fields.

Examples

Example 1: Return the 20 most common values of the "url" field.

Example 2: Return top "user" values for each "host".

Example 3: Return top URL values.

See also

rare, sitop, stats

• Was this topic useful?
• Post a comment