Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to sort on single value in trellis?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to sort on single value in trellis?
I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.
Current:
A B C
3 1 9
Desired:
B A C
1 3 9
The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html
I was unable to find this issue. Anyone with a similar experience?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:
... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This worked smooth:
| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please give a more detailed example, I am trying to use it with no sucess.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@timmym123, please come back and try this, it will work!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
