rare

`rare`

Use the rare command to display n results of the least frequent values of all fields in the field list. You can optionally group by additional fields.

Syntax

rare [<rare_options>] <field_name> [, <field_name>, ...] [as <new_field_name>] [by <field_name> [, <field_name>]*]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter Description

Parameter	Description
`field_name`	Specify the field whose rare values must be determined.
`rare_options`	Syntax: `[limit = <limit>] [showcount = [true\|false]] [showpercent = [true\|false]]` `limit`: Specify the number results to return. Default value is `10`, if not specified. If the value is `-1`, then all rows are returned. `showcount`: Specify if the frequency count must be returned in the results. Default value is `false`, if not specified. `showpercent`: Specify if the frequency percentage must be returned in the results. Default value is `false`, if not specified.

field_name

Specify the field whose rare values must be determined.

rare_options

Syntax:

[limit =
                                        <limit>] [showcount =
                                    [true|false]] [showpercent =
                                        [true|false]]

limit: Specify the number results to return. Default value is 10, if not specified. If the value is -1, then all rows are returned.

showcount: Specify if the frequency count must be returned in the results. Default value is false, if not specified.

showpercent: Specify if the frequency percentage must be returned in the results. Default value is false, if not specified.

The following queries return 10 entities with severity values of the lowest frequency:

With link command:

* | link Entity
    | stats latest(Severity) as Severity
    | rare Severity

Without link command:

* | stats latest(Severity) as Severity by Entity 
    | rare Severity

Oracle Cloud Infrastructure Documentation