Sumo Logic

top

Use the top operator with the sort operator to reduce the number of sorted results returned.

Syntax:

  • ... | top # fieldname by group_by_function

Examples

List the Top 5 source categories with errors.

Use the following query to list the top 5 source categories with errors, and get their count.

error | top 5 _sourcecategory

which produces results like:

You can use the following query to get the same results, but make the count explicit:

error | top 5 _sourcecategory by count

List the Top 10 source categories by message time.

This query lists the top 10 source categories by message time, without an explicit count.

error | top 10 _sourcecategory by _messagetime

which produces results like: