I couldn't find any documentation except that values(), when used in transforming commands, performs dedup. But there's no official documentation saying that the result is returned or sorted alphabetically.
Thanks in advance.
index=main
| stats values(sourcetype) as ST
updated well, yes, i ran this one and "yes, values() returns the result alphabetically"
when used in transforming commands "performs dedup"
do you have any confusion regarding the dedup?!?!
index=main
| stats values(sourcetype) as ST
updated well, yes, i ran this one and "yes, values() returns the result alphabetically"
when used in transforming commands "performs dedup"
do you have any confusion regarding the dedup?!?!
No confusion at all because I complete understand that values() performs a dedup unlike list() which does not. Thanks anyway.
ya, the list() will just list the values.. and for values(), the splunk creators liked alphabetical order it-seems.
maybe, you can accept this as the answer, so that this question will be moved to answered posts. thanks.
I can't accept this answer. But if you change your answer to "yes, values() returns the result alphabetically" then I will accept it as correct answer. I hope you understand my part. I don't want to accept an answer with "maybe, that is a good idea, i feel." Thank you very much.
haha, done!
when used in transforming commands performs dedup.//
Can you pls post your search query?!?!
index=ourindex sourcetype=asourcetype
| stats values(Status) as Status by Category
| eval Status = mvjoin(Status, " ")
Result:
Category Status
Cat1 Blocked Completed In Progress
Cat 2 Completed Not Started
Cat 3 Blocked In Progress Not Started