How to sort on single value in trellis?

timmym123 · ‎03-26-2018

I am trying to sort the trellis boxes(single values) based on the value within them, not alphabetically. I'm unable to change the order of the boxes when i sort by any field.

Current:
A B C
3 1 9

Desired:
B A C
1 3 9

The issue may be related to SPL-142769 from: https://answers.splunk.com/answers/564804/how-can-i-change-the-sort-order-of-data-in-a-trell.html

I was unable to find this issue. Anyone with a similar experience?

woodcock · ‎12-30-2019

The way to do it is by prepending a series of leading white space which will pull those values to the top/left. Assuming that you have (or can create) a field named severity where the higher the number, the worse it is, you can use code like this:

... | rename COMMENT AS "Pad with spaces to ensure that the metrics with the worst value show up first on the trellis!"
| eval YourTrellisFIeldNameHere = printf("%*s", len(YourTrellisFIeldNameHere) + severity, YourTrellisFIeldNameHere)

marcos_eng1 · ‎04-16-2021

Can you please give a more detailed example, I am trying to use it with no sucess.

woodcock · ‎12-30-2019

@timmym123, please come back and try this, it will work!

mhoogcarspel_sp · ‎04-17-2018

SPL-142769 is indeed the correct reference for this, to be able to sort the trellis layout.
This is a still outstanding request at the moment.

How to sort on single value in trellis?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk