https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376740#M110584 <P>For example:</P> <P>raw data is</P> <PRE><CODE>100,x,info=1,error=1,warn=1 101,x,info=1,error=1,warn=1 101,y,info=1,error=2,warn=1 101,y,info=1,error=3,warn=1 | query | chart count by x y | addtotals col=true labelfield=x label="Totals" </CODE></PRE> <P>Sample results</P> <PRE><CODE>event, info, error, warn Total x 2 2 2 6 y 2 5 2 9 Totals 4 7 4 15 </CODE></PRE> <P>In the above query I want to sort the data based on group by query results in desc order. when i try | sort 0 -Totals, Totals column appearing first row in table. </P> <PRE><CODE>| query | chart count by x y | addtotals col=true labelfield=x label="Totals" | sort 0 -Total </CODE></PRE> <P>Result:</P> <PRE><CODE>event, info, error, warn Total Totals 4 7 4 15 y 2 5 2 9 x 2 2 2 6 </CODE></PRE> <P>But I want to display results as</P> <PRE><CODE>event, info, error, warn Total y 2 5 2 9 x 2 2 2 6 Totals 4 7 4 15 </CODE></PRE> <P>Any inputs here really helps me. Thanks</P> Thu, 07 Jun 2018 17:28:06 GMT ramki1459 2018-06-07T17:28:06Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376740#M110584 <P>For example:</P> <P>raw data is</P> <PRE><CODE>100,x,info=1,error=1,warn=1 101,x,info=1,error=1,warn=1 101,y,info=1,error=2,warn=1 101,y,info=1,error=3,warn=1 | query | chart count by x y | addtotals col=true labelfield=x label="Totals" </CODE></PRE> <P>Sample results</P> <PRE><CODE>event, info, error, warn Total x 2 2 2 6 y 2 5 2 9 Totals 4 7 4 15 </CODE></PRE> <P>In the above query I want to sort the data based on group by query results in desc order. when i try | sort 0 -Totals, Totals column appearing first row in table. </P> <PRE><CODE>| query | chart count by x y | addtotals col=true labelfield=x label="Totals" | sort 0 -Total </CODE></PRE> <P>Result:</P> <PRE><CODE>event, info, error, warn Total Totals 4 7 4 15 y 2 5 2 9 x 2 2 2 6 </CODE></PRE> <P>But I want to display results as</P> <PRE><CODE>event, info, error, warn Total y 2 5 2 9 x 2 2 2 6 Totals 4 7 4 15 </CODE></PRE> <P>Any inputs here really helps me. Thanks</P> Thu, 07 Jun 2018 17:28:06 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376740#M110584 ramki1459 2018-06-07T17:28:06Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376741#M110585 <P>i am able resolve my problem modifying query this <BR /> `| query<BR /> | chart count by x y <BR /> | sort 0 info desc<BR /> | addtotals col=true labelfield=x label="Totals"</P> Thu, 07 Jun 2018 18:19:21 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376741#M110585 ramki1459 2018-06-07T18:19:21Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376742#M110586 <P>@ramki1459, I have converted your comment to answer. Please accept the same to mark this question as answered!</P> Thu, 07 Jun 2018 18:41:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-group-by-results/m-p/376742#M110586 niketn 2018-06-07T18:41:40Z