Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to sort on single value in trellis?

timmym123
Engager
‎03-26-2018 12:55 PM

I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.

Current:
A B C
3 1 9

Desired:
B A C
1 3 9

The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html

I was unable to find this issue. Anyone with a similar experience?

Reply

woodcock
Esteemed Legend
‎12-30-2019 08:19 AM

The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:

... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:28 AM

This worked smooth:

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

 

 

0 Karma
Reply

marcos_eng1
Explorer
‎04-16-2021 07:44 AM

Can you please give a more detailed example, I am trying to use it with no sucess.

0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:29 AM

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

0 Karma
Reply

woodcock
Esteemed Legend
‎12-30-2019 08:21 AM

@timmym123, please come back and try this, it will work!

0 Karma
Reply

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎04-17-2018 05:40 AM

SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.

Reply
Get Updates on the Splunk Community!

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...
Top