Versions Compared

Old Version 4

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version 5

changes.mady.by.user Omry Koschitzky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Synopsis

Displays

Used to display the first specified number of

first search query results. This complex search query returns events, as opposed to a summary table

events resulting from a Simple Search, or the first specified number of summary table entries resulting from a Complex Search.

Syntax

first [number_of_results]

Required Arguments

number_of_results

Syntax: <numeric>

Description: The number of first search results to display

Optional Arguments

None

Description

Returns the specified

When used immediately following a Simple Search query, returns the specified number of first events resulting from the search. When used immediately following a Complex Search query, returns the specified number of first entries from the summary table resulting from the search

query results

.

Examples

Example

1:

   

* in log.access | first
11
32

Returns the first

11 events

32 events from access log.

Example 2:

http in log.iis log| max time-taken | group by c-ip | first 21

Returns the max time-taken value from events in log.iis log having http in their column values, for the first 21 c-ip values only.