How to sort search results by numbers

tobi2k
Explorer

The rounding of search results has already been discussed numerous times. But unfortunately, it doesn't work for me.
I want to sort the result by total_time in descending order:

index="main" sourcetype="web_ping" response_code="200" | stats latest(total_time) by title | sort -num(total_time)

But the result is still sorted by the title.

title   latest(total_time)
brxxx   34.03
bsxxx   86.04
efxxx   157.03
gxxx    265.71
loxxx   340.82
stexxx  179.74
thxxx   239.87
winxxxe 292.73

Do you have a hint? Thank you!

0 Karma

tobi2k
Explorer

Works like a charm! Thank you!

0 Karma

tobi2k
Explorer

Thanks for your answer. I don't get it.

index="main" sourcetype="web_ping" response_code="200" | stats latest(total_time) by title | sort -latest

still delivers the result in the wrong order (highest number first)

    title   latest(total_time)
    bxxx    30.01
    bxxx    84.33
    efxxx   144.48
    gxxx    251.93
    loxxx   263.72
    etc...

0 Karma

HiroshiSatoh
Champion

Please look at my answer.

0 Karma

HiroshiSatoh
Champion

total_time does not exist. It is now latest(total_time).

| stats latest(total_time) by title | sort -latest(total_time)

0 Karma
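
The fix from the answer above, shown as an added example that is not part of any poster's reply: aliasing the aggregate with `as` keeps the field name `total_time`, so the later `sort` refers to a field that actually exists in the `stats` output. The `makeresults` rows are constructed from four values in the question's table so the search runs without the `web_ping` data; `n` is a helper field introduced only for this example.

```spl
| makeresults count=4
| streamstats count as n
``` constructed sample rows, values copied from the table in the question ```
| eval title=mvindex(split("brxxx,bsxxx,efxxx,gxxx", ","), n-1)
| eval total_time=tonumber(mvindex(split("34.03,86.04,157.03,265.71", ","), n-1))
``` without "as total_time" the output column is named latest(total_time) ```
| stats latest(total_time) as total_time by title
``` "0" lifts the default result limit of sort, "-" is descending, num() forces numeric comparison ```
| sort 0 - num(total_time)
```

Against the original data, the same two final commands follow `index="main" sourcetype="web_ping" response_code="200"` in place of the constructed rows.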