Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Creating a punch card panel on dashboard and sorting order?

AndreasLasses
Explorer
‎04-05-2023 07:12 AM

Hello!

I am trying to create a punch card panel in a dashboard. I want to sort the X field on week number in ascending order and the Y on weekday in ascending order. My issue is that however I formulate the query, one of the axises will be in descending and the other in ascending. Here is my query:

 

 

 

index="*******" sourcetype=_json
| stats latest(Number_of_Commits) as Commits by week Day
| eval week_sort = case(
  Day=="Monday", 1, 
  Day=="Tuesday", 2, 
  Day=="Wednesday", 3, 
  Day=="Thursday", 4, 
  Day=="Friday", 5,
  Day=="Saturday", 6,
  Day=="Sunday", 7
)
| eval sort_field = week_sort*10 + case(
  Day=="Monday", 1, 
  Day=="Tuesday", 2, 
  Day=="Wednesday", 3, 
  Day=="Thursday", 4, 
  Day=="Friday", 5,
  Day=="Saturday", 6,
  Day=="Sunday", 7
)
| sort sort_field week_sort

 

 

 

The result of this query is as follows:

AndreasLasses_0-1680703803837.png

What am I missing to make both X & Y axises sort in ascending order?

Thanks in advance

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎04-05-2023 05:41 PM

Like this:

index="_*"
| eval Day=strftime(_time, "%A")
| eval week=strftime(_time, "%V")
| stats count AS Commits BY week Day 
| eval _week_sort = case( Day=="Monday", 1, Day=="Tuesday", 2, Day=="Wednesday", 3, Day=="Thursday", 4, Day=="Friday", 5, Day=="Saturday", 6, Day=="Sunday", 7 ) 
| sort 0 - _week_sort

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎04-05-2023 05:41 PM

Like this:

index="_*"
| eval Day=strftime(_time, "%A")
| eval week=strftime(_time, "%V")
| stats count AS Commits BY week Day 
| eval _week_sort = case( Day=="Monday", 1, Day=="Tuesday", 2, Day=="Wednesday", 3, Day=="Thursday", 4, Day=="Friday", 5, Day=="Saturday", 6, Day=="Sunday", 7 ) 
| sort 0 - _week_sort
Reply
Solved! Jump to solution

AndreasLasses
Explorer
‎04-05-2023 11:08 PM

Thank you so much for this @woodcock  !
And let's say I want the days in descending order and the week still in ascending?

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎04-06-2023 10:51 PM

I'm not 100% sure but give this a try for the last line of @woodcock 's answer:

| sort 0 -_week_sort, +week

 

I hope this helps!!!

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎04-06-2023 05:32 PM

Not possible.  You get one or the other.  Don't forget to accept for karma.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...