Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to arrange my bar chart to represent time in chronological order?

aartivig289
Engager
‎07-07-2017 01:16 PM

Hi,

I am reading data from a csv file using a lookup.
I need to plot monthly transaction charge volume on a bar chart as follows:

alt text

Unfortunately when I sort, Splunk uses alphabetical order to arrange the months.
Is there a way to have these months sorted in a chronological order as : Jan-17, Feb-17... and so on ?

The search I am using is : 

|inputlookup ChargeVolume.csv |stats sum(Charge Volume (USD)) as "Charge Volume" , sum(Pre Auth volume) as "Pre Auth Volume" by "Reporting Month-YEAR" | Rename "Reporting Month-YEAR" to "Month"
Tags (5)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎07-07-2017 02:25 PM

try something like this, 

|inputlookup ChargeVolume.csv |stats sum(Charge Volume (USD)) as "Charge Volume" , sum(Pre Auth volume) as "Pre Auth Volume" by "Reporting Month-YEAR" | Rename "Reporting Month-YEAR" to "Month" | eval rank=case(Month like "Jan-%",1,Month like "Feb-%",2,Month like "Mar-%",3,Month like "Apr-%",4,Month like "May-%",5,Month like "Jun-%",6,Month like "Jul-%",7,Month like "Aug-%",8,Month like "Sep-%",9,Month like "Oct-%",10,Month like "Nov-%",11,Month like "Dec-%",12,1=1,13) | sort 0 rank | fields - rank
V

View solution in original post

Reply
Solved! Jump to solution

aartivig289
Engager
‎07-07-2017 02:36 PM

Thanks again Vasanth 🙂
This one works !

0 Karma
Reply
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎07-07-2017 02:25 PM

try something like this, 

|inputlookup ChargeVolume.csv |stats sum(Charge Volume (USD)) as "Charge Volume" , sum(Pre Auth volume) as "Pre Auth Volume" by "Reporting Month-YEAR" | Rename "Reporting Month-YEAR" to "Month" | eval rank=case(Month like "Jan-%",1,Month like "Feb-%",2,Month like "Mar-%",3,Month like "Apr-%",4,Month like "May-%",5,Month like "Jun-%",6,Month like "Jul-%",7,Month like "Aug-%",8,Month like "Sep-%",9,Month like "Oct-%",10,Month like "Nov-%",11,Month like "Dec-%",12,1=1,13) | sort 0 rank | fields - rank
V
Reply
Solved! Jump to solution

davesplunk01
Path Finder
‎07-07-2017 04:04 PM

Good one. for safer side use year also in the sorting , 

|inputlookup ChargeVolume.csv |stats sum(Charge Volume (USD)) as "Charge Volume" , sum(Pre Auth volume) as "Pre Auth Volume" by "Reporting Month-YEAR" | Rename "Reporting Month-YEAR" to "Month" | eval rank=case(Month like "Jan-%",1,Month like "Feb-%",2,Month like "Mar-%",3,Month like "Apr-%",4,Month like "May-%",5,Month like "Jun-%",6,Month like "Jul-%",7,Month like "Aug-%",8,Month like "Sep-%",9,Month like "Oct-%",10,Month like "Nov-%",11,Month like "Dec-%",12,1=1,13)  |rex field=Month "-(?<rank_year>\d+)" | sort 0 rank_year, rank| fields - rank rank_year
0 Karma
Reply
Solved! Jump to solution

sbbadri
Motivator
‎07-07-2017 01:51 PM

did your try your search | sort Month

0 Karma
Reply
Solved! Jump to solution

aartivig289
Engager
‎07-07-2017 02:15 PM

Hey yea I did that.
It simply sorts the months by alphabetical order and not chronologically

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...