How to arrange the by "time" column in order of la... - Splunk Community

Splunk Enterprise

index=auto_prod_rmt sourcetype=auto_prod_rmt_healthcheck earliest=-7d |rex field=_raw "Application=(?.)\sTask" |rex field=_raw "Message=(?.)" |sort Application_Name | eval time=strftime(_time, "%d/%m/%Y") |dedup Application_Name,time | eval new_time = time.":".date_wday |sort -time|chart values(Status) over Application_Name by new_time

I want "new_time" to be arranged in order of todays date first and so on.
Please help me in achieving the same.

from looking at this, I would redo the time format to be %Y/%m/%d, so that it would sort chronologically.

Tried below but does not help:

index=auto_prod_rmt sourcetype=auto_prod_rmt_healthcheck earliest=-7d |rex field=_raw "Application=(?.)\sTask" |rex field=_raw "Message=(?.)" |sort Application_Name | eval new_time=strftime(_time, "%Y/%m/%d") | dedup Application_Name, new_time | sort new_time| chart values(Status) over Application_Name by new_time

can you share an output?

Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...