just using this silly/simple example for illustration
this is the search
| makeresults count=5 | streamstats count as a | eval a=a+1 | streamstats count as d | eval d=d+10 |streamstats count as b | eval b=b+10 | streamstats count as c | eval c=c+11 |
and it gives me the below:
the legend reads a->d top to bottom and in the graph left to right.
How do I reverse this? How do I get it to read d->a, top to bottom in the legend, and d->a left to right in the graph?
Try something like this
| gentimes start=-5 | streamstats count as a | eval a=a+1 | streamstats count as d | eval d=d+10 |streamstats count as b | eval b=b+10 | streamstats count as c | eval c=c+11 | rename starttime as _time | table _time d c b a
Update
There is a work around where you can sort the column dynamically but it would add a sequence number in the column name. Something like this
| gentimes start=-5 | streamstats count as a | eval a=a+1 | streamstats count as d | eval d=d+10 |streamstats count as b | eval b=b+10 | streamstats count as c | eval c=c+11 | rename starttime as _time | table _time a b c d
| untable _time metrics value | sort _time -metrics | streamstats count as rank by _time | eval metrics=rank."-".metrics | xyseries _time metrics value
first two lines are to generate data.
