Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sort the legend's display from chart

BDAS
Explorer
‎02-14-2013 03:12 AM

Hi everyone!

I would like to display several areas (stacked) or columns in a specific order. Here is my charting command :

| chart avg(countUsers) as avgCountUsers over Time by ID

My IDs are like 1001, 1002, 1003 ... 2001, 2002 ...

For example, the average corresponding to 1001 is above 1002, which is above 1003, and I want to reverse the areas/columns so that I display 1001 first, then 1002 on top of it, etc.

I tried the sort command and the reverse one, but my chart remained the same, maybe I haven't used it correctly.

Any ideas?

Thanks in advance!

BlueLychee.

Tags (1)
Reply

uksysadmins
New Member
‎06-14-2013 05:40 AM

Looks like the chart module just creates the legend entry when it gets an entry so you just need to sort by ID prior to piping it the chart.

| sort ID | chart avg(countUsers) as avgCountUsers over Time by ID

0 Karma
Reply

nugetchar
Explorer
‎02-14-2013 04:58 AM

I don't really understand... Don't you just have to write something like that?
==> "| fields 1003, 1002, 1001"

Unless you cannot know in advance how many results you will have... For example "1001 1002 1003" and later "2001 2002 2003 2004 2005"... In this case (and know I assume that this is your situation), I don't know how to do...

nugetchar

Reply

BDAS
Explorer
‎02-14-2013 05:33 AM

Thanks for answering so fast!

Yes, it works fine with | fields 1003 1002 1001 but I want my search to be generic in case I would receive other IDs (ex: 4001, 4002 ...)

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...