how to sort the date in chronological order by day...

vvemula · ‎10-09-2020

Hi Guys,

I need a help in sort the date,

Month_Value
27-Aug-20
17-jul-20
4-sep-20
30-jul-20
16-jul-20

I have sort then in sorting order as mentioned in the below,

Month_Value
16-jul-20
17-jul-20
30-jul-20
27-Aug-20
4-sep-20.

Can someone please help me here. I have check some solutions and tried, but nothing seems to works. Thank you in advance

niketn · ‎10-11-2020

@vvemula Actual answer will depend on your current SPL and how you are coming to the Time field, what is its use case? Why it can't be YYYY-mm-dd format.

One of the options would be to use fieldformat to format Time instead of eval. So that original time remains epoch.

| table _time
| fieldformat _time=strftime(_time,"%d-%b-%y")
| sort _time

Following is a run anywhere example:

| makeresults
| fields - _time
| eval data="27-Aug-20,17-jul-20,4-sep-20,30-jul-20,16-jul-20"
| makemv data delim=","
| mvexpand data
| eval _time=strptime(data,"%d-%b-%y")
| table _time
| fieldformat _time=strftime(_time,"%d-%b-%y")
| sort _time

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

isoutamo · ‎10-09-2020

You could convert date to epoch in additional field, sort with it and then remove that field.
r. Ismo

how to sort the date in chronological order by day-month-year?

timechart

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

Are you a member of the Splunk Community?

how to sort the date in chronological order by day-month-year?

timechart

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps