frequent

`frequent`

Use the frequent command to display n results of the most frequent values of all fields in the field list. You can optionally group by additional fields.

Syntax

frequent [<frequent_options>] <field_name> [, <field_name>), ...] [as <new_field_name>] [by <field_name> [, <field_name>]*]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter Description

Parameter	Description
`field_name`	Specify the field whose frequent values must be determined.
`frequent_options`	Syntax: `[limit = <limit>] [showcount = [true\|false]] [showpercent = [true\|false]]` `limit`: Specify the number results to return. Default value is `10`, if not specified. If the value is `-1`, then all rows are returned. `showcount`: Specify if the frequency count must be returned in the results. Default value is `false`, if not specified. `showpercent`: Specify if the frequency percentage must be returned in the results. Default value is `false`, if not specified.

field_name

Specify the field whose frequent values must be determined.

frequent_options

Syntax:

[limit =
                                        <limit>] [showcount =
                                    [true|false]] [showpercent =
                                        [true|false]]

limit: Specify the number results to return. Default value is 10, if not specified. If the value is -1, then all rows are returned.

showcount: Specify if the frequency count must be returned in the results. Default value is false, if not specified.

showpercent: Specify if the frequency percentage must be returned in the results. Default value is false, if not specified.

The following queries return 10 entities with severity values of the highest frequency:

With link command:

* | link Entity
    | stats latest(Severity) as Severity
    | frequent Severity

Without link command:

* | stats latest(Severity) as Severity by Entity
    | frequent Severity

Oracle Cloud Infrastructure Documentation