limit - Limit number of response documents
The limit
operator limits the output of a query to a specified number of events.
Syntax
Example - Get top 100 Users by Activity
Consider the following document:
{
"path": "/home",
"user": "chris"
},
{
"path": "/home",
"user": "dave"
},
{
"path": "/home",
"user": "maya"
}
In order for us to count activity, we'll need to perform an aggregation to count the number of logs:
If we have more than 100 users, then we won't get the top 100 users here. We first need to sort by the new count field, and then limit:
This will return an aggregated view of the first (top) 100 users.
NOTE: We've used groupby
, orderby
and limit
in this example to illustrate how limit
works, but we can achieve the same outcome with the top
command.
Theme
Light