Solved: How to sort the month when using the field in char...

sangs8788 · ‎09-03-2018

Hi

Below is a query which returns the latency over month by cust_id. Events contain fields as month=April, month=May etc

...| chart  max(Avg) as Avg, max(Max) as Max, p95(P95) as P95 over month by cust_id  useother=f limit=40 |sort  -Max, -P95

The query shows result in sorted by month name since month is a string. How do i sort by calendar series and display as a chart ?

sangs8788 · ‎09-03-2018

I found the answer. This worked

| eval  sort=case(       Month=="January","1",       Month=="February","2",       Month=="March","3",       Month=="April","4",       Month=="May","5",       Month=="June","6",       Month=="July","7",       Month=="August","8",       Month=="Septempber","9",       Month=="October","10",       Month=="November","11",       Month=="December","12")|sort sort |fields - sort

View solution in original post

sangs8788 · ‎09-03-2018

I found the answer. This worked

| eval  sort=case(       Month=="January","1",       Month=="February","2",       Month=="March","3",       Month=="April","4",       Month=="May","5",       Month=="June","6",       Month=="July","7",       Month=="August","8",       Month=="Septempber","9",       Month=="October","10",       Month=="November","11",       Month=="December","12")|sort sort |fields - sort

How to sort the month when using the field in chart over command?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life