Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to change the order of fields when chart is used

nnonm111
Path Finder
‎08-12-2021 12:29 AM

index="www1" sourcetype="access_combined_wcookie" action=* status<=400
| timechart span=1d count(action) by clientip useother=f
| addtotals
| eval type = if(Total>90 ,"UP","DOWN")
| fields _time 194.* *.*.*.* Total type
| sort - _time

 

I want to change the order of the x-axis field names when using it.
| fields _time 194.* *.*.*.* Total type   Is there any other way than this?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

codebuilder
Influencer
‎08-12-2021 09:50 AM

If I understand your question correctly, fields are displayed in the order which you define them.
So if you use this for example:

| fields Total 194.* *.*.*.* type _time

 
Then you'll see Total displayed first and _time last.

----
An upvote would be appreciated and Accept Solution if it helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

codebuilder
Influencer
‎08-12-2021 09:50 AM

If I understand your question correctly, fields are displayed in the order which you define them.
So if you use this for example:

| fields Total 194.* *.*.*.* type _time

 
Then you'll see Total displayed first and _time last.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...