Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to sort on single value in trellis?

timmym123
Engager
‎03-26-2018 12:55 PM

I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.

Current:
A B C
3 1 9

Desired:
B A C
1 3 9

The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html

I was unable to find this issue. Anyone with a similar experience?

Reply

woodcock
Esteemed Legend
‎12-30-2019 08:19 AM

The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:

... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:28 AM

This worked smooth:

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

 

 

0 Karma
Reply

marcos_eng1
Explorer
‎04-16-2021 07:44 AM

Can you please give a more detailed example, I am trying to use it with no sucess.

0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:29 AM

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

0 Karma
Reply

woodcock
Esteemed Legend
‎12-30-2019 08:21 AM

@timmym123, please come back and try this, it will work!

0 Karma
Reply

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎04-17-2018 05:40 AM

SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...