- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to sort on single value in trellis?
I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.
Current:
A B C
3 1 9
Desired:
B A C
1 3 9
The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html
I was unable to find this issue. Anyone with a similar experience?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:
... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This worked smooth:
| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please give a more detailed example, I am trying to use it with no sucess.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@timmym123, please come back and try this, it will work!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.
