Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to sort on single value in trellis?

timmym123
Engager
‎03-26-2018 12:55 PM

I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.

Current:
A B C
3 1 9

Desired:
B A C
1 3 9

The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html

I was unable to find this issue. Anyone with a similar experience?

Reply

woodcock
Esteemed Legend
‎12-30-2019 08:19 AM

The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:

... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:28 AM

This worked smooth:

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

 

 

0 Karma
Reply

marcos_eng1
Explorer
‎04-16-2021 07:44 AM

Can you please give a more detailed example, I am trying to use it with no sucess.

0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:29 AM

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

0 Karma
Reply

woodcock
Esteemed Legend
‎12-30-2019 08:21 AM

@timmym123, please come back and try this, it will work!

0 Karma
Reply

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎04-17-2018 05:40 AM

SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.

Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top