Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to rearrange the columns of a cart command

Trishant
Explorer
‎07-06-2017 06:30 AM

I have used this query-

sourcetype="sample data_ui performance" boxtype= "cisco*" build="RC24" | sort +iteration| eval testId = testId + ": " + testcase |
rename testId as Test_CaseID, build as Build, duration as Time_Taken |
chart values(Time_Taken) over Test_CaseID by iteration limit=20 |

and as a result I got
alt text

Now I want to rearrange the columns like 1, 2, 3, 4 and so on. How to do so?? I have tried sort but it didin't work.

Tags (1)
capture.png
Preview file
18 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎07-06-2017 12:18 PM

@Trishant, you can pad zero to iterations to make them sort as numerical strings i.e. 01, 02, 03... 10, 11 ...

Following example uses printf() function to pad 0 if length of String number is less than 2. printf("%02d",iteration)

sourcetype="sample data_ui performance" boxtype= "cisco*" build="RC24" 
| eval iteration=printf("%02d",iteration)
| eval testId = testId + ": " + testcase 
| rename testId as Test_CaseID, build as Build, duration as Time_Taken 
| chart values(Time_Taken) over Test_CaseID by iteration limit=20

You do not need sort + iteration on second line as mentioned in your search.

While this is just an option, the solution by @DalJeanis is best approach for your scenario. It does not require additional evaluation and it applies sort after dataset is narrowed down to specific results.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎07-06-2017 12:18 PM

@Trishant, you can pad zero to iterations to make them sort as numerical strings i.e. 01, 02, 03... 10, 11 ...

Following example uses printf() function to pad 0 if length of String number is less than 2. printf("%02d",iteration)

sourcetype="sample data_ui performance" boxtype= "cisco*" build="RC24" 
| eval iteration=printf("%02d",iteration)
| eval testId = testId + ": " + testcase 
| rename testId as Test_CaseID, build as Build, duration as Time_Taken 
| chart values(Time_Taken) over Test_CaseID by iteration limit=20

You do not need sort + iteration on second line as mentioned in your search.

While this is just an option, the solution by @DalJeanis is best approach for your scenario. It does not require additional evaluation and it applies sort after dataset is narrowed down to specific results.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

Trishant
Explorer
‎07-07-2017 04:58 AM

Many Thanks, this worked for me..

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎07-07-2017 05:32 AM

@Trishant, glad it worked. Did you try @DalJeanis's answer?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

Trishant
Explorer
‎07-07-2017 06:31 AM

Yeah I tried that as well but,I am not sure why sort command is not working for my query..

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎07-06-2017 08:14 AM

The chart/timechart/xyseries etc command automatically sorts the column names, treating them as string. There can be a workaround but it's based on assumption that the column names are known and fixed. You can basically add a table command at the end of your search with list of columns in the proper order.

your current search with chart command
| table Test_CaseID 1 2 3 4 5 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

OR

your current search with chart command
| table Test_CaseID [| gentimes start=-1 | eval search=mvrange(1,21) | stats list(search) as search delim="," | nomv search ]
Reply
Solved! Jump to solution

DalJeanis
Legend
‎07-06-2017 06:46 AM

It is sorting the iterations as strings rather than numbers.

try this 

 | sort + num(iteration)
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
li.common.scroll-to.top