Hi,
I have example of date/time as below
Mon 28 Dec 2015 06:26:19 PM ICT
Mon 26 May 2014 04:52:02 PM ICT
Fri 17 Feb 2017 04:01:59 PM ICT
Wed 28 Jun 2017 05:49:04 PM ICT
Wed 05 Oct 2016 06:46:30 PM ICT
I want to sort it by date, month year... in the correct order. could you please tell me how to do it.
It works well, thanks you
You would have to convert the timestamp to epoch to sort it.
Option 1 (creating a new field to sort)
your current search giving above field with name say DateTime
| eval sortfield=strptime(DateTime,"%a %d %b %Y %H:%M:%S %p %Z")
| sort sortfield| field - sortfield
Option 2 (using same field)
your current search giving above field with name say DateTime
| eval DateTime=strptime(DateTime,"%a %d %b %Y %H:%M:%S %p %Z")
| sort DateTime| | eval DateTime=strftime(DateTime,"%a %d %b %Y %H:%M:%S %p %Z")