Splunk Commands Tutorials & Reference
Commands Category: Filtering
Commands: head
Use: Returns the first N results in search order. This means the most recent N events for a historical search, or the first N captured events for a real-time search.
There are two types of limits that can be applied: an absolute number of results, or an expression where all results are returned until the expression becomes false.
If no options or limits are explicitly stated, the head command returns the first 10 results.
Using sample data access_30day.log:
source="access_30day.log" HTTP 500
source="access_30day.log" HTTP (200 OR 30*)
source="access_30day.log" status=404 | sort - uri
source="access_30day.log" | head 1000 | top 50 clientip
source="access_30day.log" | head 1000 | top 50 referer
source="access_30day.log" | head 1000 | top 50 uri
source="access_30day.log" | head 1000 | top 50 method
Return results based on a specified limit:
... | streamstats range(_time) as timerange | head (timerange<100)
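The expression form of head shown above can be tried without any indexed data. The search below is an added example, not part of the original tutorial: it builds ten constructed events spaced 30 seconds apart (the field name n and the spacing are assumptions for illustration) and applies the same timerange<100 test.

```spl
| makeresults count=10
| streamstats count AS n
| eval _time=now() - (n * 30)
| streamstats range(_time) AS timerange
| head limit=100 keeplast=true (timerange<100)
| table n timerange
```

With this spacing the expression first becomes false at the fifth event (timerange=120); keeplast=true retains that boundary event, and every later event is dropped because head stops at the first false result rather than filtering each event the way where does. limit=100 is set explicitly so that the cutoff comes from the expression and not from a result count.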
