Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to sort on single value in trellis?

timmym123
Engager
‎03-26-2018 12:55 PM

I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.

Current:
A B C
3 1 9

Desired:
B A C
1 3 9

The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html

I was unable to find this issue. Anyone with a similar experience?

Reply

woodcock
Esteemed Legend
‎12-30-2019 08:19 AM

The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:

... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)
0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:28 AM

This worked smooth:

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

 

 

0 Karma
Reply

marcos_eng1
Explorer
‎04-16-2021 07:44 AM

Can you please give a more detailed example, I am trying to use it with no sucess.

0 Karma
Reply

jokertothequinn
Path Finder
‎08-21-2024 02:29 AM

| stats max(avg_io_wait_time) as avg_io_wait_time by host
| sort avg_io_wait_time
| streamstats c as severity
| eval host = printf("%*s", len(host) + severity, host)
| stats max(avg_io_wait_time) as avg_io_wait_time by host

0 Karma
Reply

woodcock
Esteemed Legend
‎12-30-2019 08:21 AM

@timmym123, please come back and try this, it will work!

0 Karma
Reply

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎04-17-2018 05:40 AM

SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...