sort

Use sort to display log events in ascending (asc) or descending (desc) order by a specified field. You can use this with the limit command to create "top N" or "bottom N" queries.

For example, the following query for Amazon VPC flow logs finds the top 15 packet transfers across hosts.


stats sum(packets) as packetsTransferred by srcAddr, dstAddr
    | sort packetsTransferred  desc
    | limit 15

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

parse

stats