The top operator in Axiom Processing Language (APL) allows you to retrieve the top N rows from a dataset based on specified criteria. It is particularly useful when you need to analyze the highest values in large datasets or want to quickly identify trends, such as the highest request durations in logs or top error occurrences in traces. You can apply it in scenarios like log analysis, security investigations, or tracing system performance.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

| top N by Expression [asc | desc]

Parameters

  • N: The number of rows to return.
  • Expression: A scalar expression used for sorting. The type of the values must be numeric, date, time, or string.
  • [asc | desc]: Optional. Use to sort in ascending or descending order. The default is descending.

Returns

The top operator returns the top N rows from the dataset based on the specified sorting criteria.

Use case examples

The top operator helps you find the HTTP requests with the longest durations.

Query

['sample-http-logs']
| top 5 by req_duration_ms

Output

_time                req_duration_ms  id   status  uri               method  geo.city  geo.country
2024-10-01 10:12:34  5000             123  200     /api/get-data     GET     New York  US
2024-10-01 11:14:20  4900             124  200     /api/post-data    POST    Chicago   US
2024-10-01 12:15:45  4800             125  200     /api/update-item  PUT     London    UK

This query returns the top 5 HTTP requests that took the longest time to process.
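For the security-investigation scenario mentioned in the introduction, top is often applied to an aggregate rather than to raw rows. The following query is an added example, not part of the original documentation. It assumes that status is stored as a string and that id identifies the requester; the names failed_requests and distinct_uris are chosen here for illustration.

```kusto
// Added example: rank requesters by the number of 401 (Unauthorized) responses.
// Assumptions: status is a string field, id identifies the requester.
['sample-http-logs']
| where status == '401'
// Collapse raw rows into one row per requester and country.
| summarize failed_requests = count(), distinct_uris = dcount(uri) by id, ['geo.country']
// Keep only the 10 requesters with the most failures (desc is the default, shown for clarity).
| top 10 by failed_requests desc
```

A high failed_requests count spread over many distinct_uris points to probing across endpoints, while a high count on a single URI is more typical of repeated login failures.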

  • order: Use when you need full control over row ordering without limiting the number of results.
  • summarize: Useful when aggregating data over fields and obtaining summarized results.
  • take: Returns the first N rows without sorting. Use when ordering is not necessary.