Solved: How do I list value in the table as I want order t...

karu0711 · ‎11-17-2022

I want to be the order I list below?

Very High

High

Medium

Low

Very Low

Info

richgalloway · ‎11-17-2022

Assign each value a number then sort numerically.

| eval sorter = case(level="Very High", 6, level="High", 5, 
                     level="Medium", 4, level="Low", 3, 
                     level="Very Low", 2, level="Info", 1, 
                     1==1, 0)
| sort - sorter
| fields - sorter

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-17-2022

Assign each value a number then sort numerically.

| eval sorter = case(level="Very High", 6, level="High", 5, 
                     level="Medium", 4, level="Low", 3, 
                     level="Very Low", 2, level="Info", 1, 
                     1==1, 0)
| sort - sorter
| fields - sorter

---
If this reply helps you, Karma would be appreciated.

PaulPanther · ‎11-17-2022

Some more information would be helpful next time but anyway if you have a field with the mentioned values. You can do it as follow:

|  eval status=case(criticality="Very High", 6,criticality=="High",5,criticality=Medium,4,criticality="Low",3,criticality="Very Low",2,criticality="Info",1)
| table data, criticality, status
| sort -status
| fields - status

How do I list value in the table as I want order to be?

chart

fields

table

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Are you a member of the Splunk Community?