Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I list value in the table as I want order to be?

karu0711
Communicator
‎11-17-2022 07:09 AM

I want to be the order I list below?

Very High 

High 

Medium

Low

Very Low 

Info

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-17-2022 07:22 AM

Assign each value a number then sort numerically.

| eval sorter = case(level="Very High", 6, level="High", 5, 
                     level="Medium", 4, level="Low", 3, 
                     level="Very Low", 2, level="Info", 1, 
                     1==1, 0)
| sort - sorter
| fields - sorter
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-17-2022 07:22 AM

Assign each value a number then sort numerically.

| eval sorter = case(level="Very High", 6, level="High", 5, 
                     level="Medium", 4, level="Low", 3, 
                     level="Very Low", 2, level="Info", 1, 
                     1==1, 0)
| sort - sorter
| fields - sorter
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

PaulPanther
Motivator
‎11-17-2022 07:21 AM

Some more information would be helpful next time but anyway if you have a field with the mentioned values. You can do it as follow:

 

|  eval status=case(criticality="Very High", 6,criticality=="High",5,criticality=Medium,4,criticality="Low",3,criticality="Very Low",2,criticality="Info",1)
| table data, criticality, status
| sort -status
| fields - status

 

 

 

 

Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...