Solved: How can I have my pivot table automatically sort b...

ringbbg · ‎01-31-2017

I'm trying to create a pivot to tabulate the list of events happening in our network. i want it to display the latest events first as default view, but every time i reload Splunk Web, it sorts the data randomly ( count of xxxx). How can i have the pivot automatically display the latest events first?

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message SORT 100 _time ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1

rjthibod · ‎01-31-2017

Try this

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

View solution in original post

rjthibod · ‎01-31-2017

Try this

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

How can I have my pivot table automatically sort by time (latest events first)?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases