Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

head

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10

head

Synopsis

Returns the first n number of specified results.

Syntax

head [<N> | <eval-expression>] [limit=<int>] [null=<bool>] [keeplast=<bool>]

Arguments

<eval-expression>
Syntax: <eval-expression>
Description: A valid eval expression that evaluates to a Boolean.
keeplast
Syntax: keeplast=<bool>
Description:
limit
Syntax: limit=<int>
Description:
<N>
Syntax: <int>
Description: The number of results to return, default is 10 if none is specified.
null
Syntax: null=<bool>
Description:

Description

Returns the first n results, or 10 if no integer is specified. New for 4.0, can provide a boolean eval expression, in which case we return events until that expression evaluates to false.

Examples

Example 1: Return the first 20 results.

... | head 20Search

Example 2: Return events until the time span of the data is >= 100 seconds

... | streamstats range(_time) as timerange | head (timerange<100)Search

See also

reverse, tail

Retrieved from "http://www.splunk.com/base/Documentation/4.0.1/SearchReference/Head"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.