- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Sort data in a Bar Chart
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sort data in a Bar Chart
I have a bar chart using the query below:
index=ctap host=sc58* sourcetype=gateway screen_clicks != "CALL TRACKER INSERT" screen_clicks != "ADD MEMO*" screen_clicks != "DEAD" screen_clicks != "PAYMENT" screen_clicks != "ESTIMATED*" screen_clicks != "UPDATE*" screen_clicks != "HIT*" screen_clicks != "SEND*" screen_clicks != "WARM*" screen_clicks != "STATEMENT*" screen_clicks != "SIX*" screen_clicks != "LOAD*" screen_clicks != "ACKNOWLEDGE*" screen_clicks != "AD GROUP ASSIGNED" | chart count by screen_clicks | eval Description = case(screen_clicks = "DASHBOARD TAB CLICK"," Dashboard Tab", screen_clicks = "CTIPOP CALL RECEIVED", " Call Pop Received", screen_clicks = "DASHBOARD SEARCH LOAD"," Dashboad Search", screen_clicks = "BILLING TAB CLICK", " Billing Tab", screen_clicks = "TROUBLESHOOTING TAB CLICK", " Troubleshooting Tab", screen_clicks = "TOOLS TAB CLICK", " Tools Tab", screen_clicks = "ACCOUNT TAB CLICK", " Account Tab", screen_clicks = "DEVICE MANAGEMENT TAB", " Device Management Tab")
The bar chart always sorts alphabetically and I need to sort it in the following order:
Call Pop Recevied, Dashboard Search, Deashboard Tab, Accounts Tab, Billing Tab, Troubleshooting, Tools, Device Management.
I tried padding the descriptions with spaces to get my sort to work but it did not work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this:
index=ctap host=sc58* sourcetype=gateway screen_clicks != "CALL TRACKER INSERT" screen_clicks != "ADD MEMO*" screen_clicks != "DEAD" screen_clicks != "PAYMENT" screen_clicks != "ESTIMATED*" screen_clicks != "UPDATE*" screen_clicks != "HIT*" screen_clicks != "SEND*" screen_clicks != "WARM*" screen_clicks != "STATEMENT*" screen_clicks != "SIX*" screen_clicks != "LOAD*" screen_clicks != "ACKNOWLEDGE*" screen_clicks != "AD GROUP ASSIGNED"
| chart count by screen_clicks
| eval Description = case(screen_clicks = "DASHBOARD TAB CLICK","02Dashboard Tab", screen_clicks = "CTIPOP CALL RECEIVED", "00Call Pop Received", screen_clicks = "DASHBOARD SEARCH LOAD","01Dashboad Search", screen_clicks = "BILLING TAB CLICK", "04Billing Tab", screen_clicks = "TROUBLESHOOTING TAB CLICK", "05Troubleshooting Tab", screen_clicks = "TOOLS TAB CLICK", " 06Tools Tab", screen_clicks = "ACCOUNT TAB CLICK", "03Account Tab", screen_clicks = "DEVICE MANAGEMENT TAB", " 07Device Management Tab")
| sort screen_clicks
| eval Description = case(screen_clicks = "02Dashboard Tab","Dashboard Tab", screen_clicks = "00Call Pop Received", "Call Pop Received", screen_clicks = "01Dashboad Search","Dashboad Search", screen_clicks = "04Billing Tab", "Billing Tab", screen_clicks = "05Troubleshooting Tab", "Troubleshooting Tab", screen_clicks = "06Tools Tab", "Tools Tab", screen_clicks = "03Account Tab", "Account Tab", screen_clicks = "07Device Management Tab", " Device Management Tab")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried but the data is still sorting alphabetically.
screen_clicks count Description
ACCOUNT TAB CLICK 1189
BILLING TAB CLICK 22428
CTIPOP CALL RECEIVED 104351
CTIPOP DEAD AIR 25903
DASHBOARD SEARCH LOAD 25891
DASHBOARD TAB CLICK 205684
DEVICE MANAGEMENT TAB 4442
PAYMENT REQUEST FAILED 837
PAYMENT REQUEST INITIATED 5459
PAYMENT REQUEST PROCESSED
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
