https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527396#M148876 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/102660">@jip31</a>,</P><P>to sort time fields you have to convert them in epochtime.</P><P>In your case, _time is already in epochtime so you have only to change the order of your commands:</P><LI-CODE lang="markup">| sort -_time | eval "Event time" = strftime(_time, "%m/%d/%Y %H:%M") | table "Event time" </LI-CODE><P>&nbsp;Ciao.</P><P>Giuseppe</P> Sat, 31 Oct 2020 06:55:50 GMT gcusello 2020-10-31T06:55:50Z https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527395#M148875 <P>hello</P><P>I use a time field like this but I am unable to sort the time with descending sort</P><P>How to do this please?</P><LI-CODE lang="markup">| eval time = strftime(_time, "%m/%d/%Y %H:%M") | rename time as "Event time" | table "Event time" | sort "Event time"</LI-CODE><P>&nbsp;</P> Sat, 31 Oct 2020 06:23:24 GMT https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527395#M148875 jip31 2020-10-31T06:23:24Z https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527396#M148876 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/102660">@jip31</a>,</P><P>to sort time fields you have to convert them in epochtime.</P><P>In your case, _time is already in epochtime so you have only to change the order of your commands:</P><LI-CODE lang="markup">| sort -_time | eval "Event time" = strftime(_time, "%m/%d/%Y %H:%M") | table "Event time" </LI-CODE><P>&nbsp;Ciao.</P><P>Giuseppe</P> Sat, 31 Oct 2020 06:55:50 GMT https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527396#M148876 gcusello 2020-10-31T06:55:50Z https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527401#M148877 <P>Thanks Giuseppe</P> Sat, 31 Oct 2020 08:07:25 GMT https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527401#M148877 jip31 2020-10-31T08:07:25Z https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527407#M148878 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/102660">@jip31</a>,</P><P>good for you.</P><P>ciao and happy splunking.</P><P>Giuseppe</P><P>P.S.: Karma Points are appreciated <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Sat, 31 Oct 2020 10:38:57 GMT https://community.splunk.com/t5/Splunk-Search/help-for-sorting-time/m-p/527407#M148878 gcusello 2020-10-31T10:38:57Z