Display Top 20 Results by Event Count

Hi All,

I have a dataset that returns data that includes a networks ASN. I'd like to be able to visualize a set of specific ASNs AND the top 20 of all other ASNs in my dataset based on event count. Any suggestions on the best way to approach that?

I appreciate any help in advance!

You can't really do this is one single visualization, but if you use 2 of them on a dashboard it's easily doable.
For the specific ASNs, just use a filter aggregation and specify each of them.
For the other 20, just do a top 20 terms aggregation and set a filter that filters out the ASNs from the first one. I would suggest using TSVB because it has an option called "ignore global filters" so if you add any filters on the dashboard it won't mess with the filters from the visualization.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.