Returns a limited number of events, starting with the oldest, sorted by the the event timestamp. This function is equivalent to the command-line head tool.

Function Traits: Aggregate, EventSelectingAggregate

ParameterTypeRequiredDefaultDescription
limit[a]numberoptional[b]200 The maximum number of events to return.
  Minimum0 
  Maximum10000 

[a] The argument name limit can be omitted.

[b] Optional parameters use their default value unless explicitly set

The parameter name for limit can be omitted; the following forms are equivalent:

logscale
head("0")

and:

logscale
head(limit="0")

head() Examples

  • Select the 10 oldest with loglevel=ERROR

    logscale
    loglevel=ERROR
| head(10)

  • Select the 100 oldest events and group them by loglevel

    logscale
    head(limit=100)
| groupby(loglevel)