Splunk Search

How can I control the order of results on a chart or timechart?


I have a timechart that is based on count by score, where score is a whole number between 0 and 10. Every time I make a chart, the order shows up as:


I've tried sorting the results by score, but 10 never appears at the end of the results. I tried to use covert num(score) and sort the results but 10 is still showing up between 1 and 2 instead of at the end of the results.

What am I doing wrong?


Tags (1)

Splunk Employee
Splunk Employee

It appears that even if you force score to a numeric value, the sort is always calculated as if the values are strings. This causes the 10 to order between 1 and 2, rather than after 9. Even when using | sort - num(score). I've filed a support ticket.

Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...