head
Use the head command to display the first n number of results.
Syntax
head [limit=<limit>] Parameters
The following table lists the parameters used in this command, along with their descriptions.
| Parameter | Description |
|---|---|
|
|
Specify the number of entries you want to see. If no value is specified, then the default value of |
Note
- For query, the default sort order is time descending. So
headcommand returns the most recent, unless the sort order is overridden using thesortcommand. - For export, there is no default sort order by time.
headreturns most recent log data in the specified time filter but the data is not sorted by time, unless the sort order is overridden using thesortcommand. - To override the sort order, use
sortcommand before theheadcommand.
For examples of using this command in typical scenarios, see:
The following command returns the first 5 fatal logs:
severity = fatal | head limit=5 The following command returns the first 5 distinct severity results:
* | distinct severity | head limit=5The following command finds the first 20 fatal logs and calculates their average
iplen:
severity = fatal | head limit=20 | stats avg(iplen)