topk.zeek¶

Keep the top-k (i.e., most frequently occurring) observations.

Summary¶

`SumStats::Calculation`: `enum`	`SumStats::TOPK`: Keep a top-k list of values.
`SumStats::Reducer`: `record`	New Fields `SumStats::Reducer` topk_size: `count` `&default` = `500` `&optional` Number of elements to keep in the top-k list.
`SumStats::ResultVal`: `record`	New Fields `SumStats::ResultVal` topk: `opaque` of topk `&optional` A handle which can be passed to some built-in functions to get the top-k results.