FYI as of 2024:

This command would reach limit specified in limits.conf. As default, it would return 10,000 events, even if there's more than that.

Instead, use:

| sort 0 -_time

This would return the full result, although can impact performance.

Thank you for the quick reply. Below is my query for the report. I am having trouble to understand where should the argument you mentioned be placed. Also is there a way where this can be done in the pivot?

| pivot servicestrafficcaapimodel servicesapielsproductionds count(servicesapielsproductionds) AS count SPLITROW _time AS _time PERIOD day SPLITROW service AS service SPLITROW operation AS operation SPLITROW method AS method SPLITROW principal AS principal SPLITROW systemid AS systemid SORT 100 _time ROWSUMMARY 0 COLSUMMARY 0 SHOWOTHER 1

if you have a _time field in your output place it at the last..can you share a snapshot of your output?

Thank you for the quick reply. I am able to get the results required.

However, I don't have permission to change the query to extract the result. All I can do is change the configuration in the pivot. Is there a way where I can do this through Pivot. I see I can change the report to get the results in ascending order.

Thank you

Configuration options specific to split row elements regardless of field type

Label - Use this to override the field name with a different text string for reporting purposes. For example, you can use it to ensure that an field titled "product name" displays as "Product" in the pivot.
Sort - How the split rows that the element creates should be sorted. Available values are Default, Descending, and Ascending. The default is Default.
When the Sort value is Default Splunk software sorts the rows naturally by the field type of the first split. In other words, if the first split is on uri (a string field), the rows will be sorted alphabetically by the value of uri. If it is on _time (a timestamp field) the rows will be sorted in ascending chronological order.
When the Sort value is Descending or Ascending, the rows will be sorted by the value of the first Column Values element that outputs a metric value (via an aggregation operation like count, sum, average, and so on).
your first split should be on _time and sort value as descending