https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522917#M147461 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222977">@Ashwini008</a>&nbsp;.. you have to convert to epoch and sort and then convert back to your format.&nbsp; pls check the below SPL query. thanks.</P><P>&nbsp;</P><LI-CODE lang="markup">... | eval DATETIME=DATE." ".TIME | eval sortDate=strptime(DATETIME, "%m/%d/%Y %H:%S") | sort sortDate | eval DATETIME=strftime(SortDate, "%m/%d/%Y %H:%S")</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>(PS - i have given around 500+ karma points so far, received badge for that, if an answer helped you, a karma point would be nice!. we all should start "Learn, Give Back, Have Fun")</P> Mon, 05 Oct 2020 07:23:24 GMT inventsekar 2020-10-05T07:23:24Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522916#M147460 <P>Hi,</P><P>I have concatenated my DATE &amp; TIME Field as below</P><P><STRONG>| eval DATE&amp;TIME=DATE." ".TIME</STRONG></P><P><STRONG>EXAMPLE:(%m/%d/%Y&nbsp; %H:%S)</STRONG></P><P>12/09/2017 23:28</P><P><SPAN>01/27/2019 00:49</SPAN></P><P>04/14/2018 23:42</P><P><SPAN>How to sort my DATE&amp;TIME field now .I want to show the latest date and time field at the beginning?</SPAN></P><P><SPAN>Any suggestions?</SPAN></P><P><SPAN>Thank you</SPAN><SPAN>&nbsp;</SPAN></P><P>&nbsp;</P> Mon, 05 Oct 2020 07:09:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522916#M147460 Ashwini008 2020-10-05T07:09:50Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522917#M147461 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222977">@Ashwini008</a>&nbsp;.. you have to convert to epoch and sort and then convert back to your format.&nbsp; pls check the below SPL query. thanks.</P><P>&nbsp;</P><LI-CODE lang="markup">... | eval DATETIME=DATE." ".TIME | eval sortDate=strptime(DATETIME, "%m/%d/%Y %H:%S") | sort sortDate | eval DATETIME=strftime(SortDate, "%m/%d/%Y %H:%S")</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>(PS - i have given around 500+ karma points so far, received badge for that, if an answer helped you, a karma point would be nice!. we all should start "Learn, Give Back, Have Fun")</P> Mon, 05 Oct 2020 07:23:24 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522917#M147461 inventsekar 2020-10-05T07:23:24Z https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522922#M147464 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/80737">@inventsekar</a>&nbsp;I tried your solution but it didn't work.The field was still in random order.</P><P>However i tried the below code and it worked for me</P><P>| eval EPOCHDATE=strptime(DATE,"%Y%m%d")<BR />| sort -EPOCHDATE<BR />| eval EPOCHTIME=strptime(TIME,"%H%M%S")<BR />| sort -EPCOHTIME<BR />| eval DATE=strftime(EPOCHDATE,"%m/%d/%Y")<BR />| eval TIME=strftime(EPOCHTIME,"%H:%M")<BR />| eval DATE&amp;TIME=DATE." ".TIME</P> Mon, 05 Oct 2020 08:00:13 GMT https://community.splunk.com/t5/Splunk-Search/How-to-sort-concatenated-DATE-amp-TIME-field/m-p/522922#M147464 Ashwini008 2020-10-05T08:00:13Z