Archive

sort descending avg time field in results

New Member

i have a field "avg_time" which i want to display in descending order. tried sort -avg_time but didn't worked

eval n=round(diff,2)|chart limit=200 eval(round(avg(n),2)) as avg_time count over Transaction_GroupName by v usenull=false. v is version of app

the results table has fields Transaction_GroupName, count:v, avg_time:v

Tags (1)
0 Karma

Legend

Hi @MOHITJOSHI,
I haven't your data so I cannot test your search, but you cannot put an eval in a chart command in that way and I think that you don't need, try something like this:

index=your_index
| chart limit=200 avg(diff) as avg_time over Transaction_GroupName BY v
| eval  avg_time=round(avg_time,2)

The problem is that avg_time isn't a column of the table because as column you have v so you cannot sort by avg_time and that you cannot have two fields in chart command.

To have avg_time as a column you have to use the command stats, having in two different columns Transaction_GroupName and v, something like this:

index=your_index
| stats avg(diff) as avg_time count BY Transaction_GroupName v
| eval  avg_time=round(avg_time,2)
| sort 200 -avg_time

I don't know if it could be acceptable for you.

Ciao.
Giuseppe

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!