Hello, Splunk rookie here,
I have a field in my data set that shows a date (ie. 06/26/2016) which I have used to populate a checkbox form. Here is my search string:
index="cleanout_dash2" sourcetype="csv" ACTUAL_CO_DATE=* | dedup ACTUAL_CO_DATE
I use the dedup
command to get only unique values however those values appear in a random order. I have tried adding the sort
command with no success. May I have the wrong syntax.
Thanks,
Lonnie
This should do it. Right now doing sorting in ascending order. Change | sort sortfield
with | sort -sortfield
if you want descending order.
index="cleanout_dash2" sourcetype="csv" ACTUAL_CO_DATE=* | dedup ACTUAL_CO_DATE | eval sortfield=strptime(ACTUAL_CO_DATE,"%m/%d/%Y") | sort sortfield | table ACTUAL_CO_DATE
This should do it. Right now doing sorting in ascending order. Change | sort sortfield
with | sort -sortfield
if you want descending order.
index="cleanout_dash2" sourcetype="csv" ACTUAL_CO_DATE=* | dedup ACTUAL_CO_DATE | eval sortfield=strptime(ACTUAL_CO_DATE,"%m/%d/%Y") | sort sortfield | table ACTUAL_CO_DATE
Thanks so much that worked perfectly. I was screwing up the syntax in the eval command.