Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field.
So lets say that I do a
| stats values(dest_port) by src_ip
I then want to order the values in the values(dest_port), or I only want the top 10 of the list in values(), or I want to only get the top and bottom. Is there any sort of notation or syntax that I can use to do this?
↧
