Solved: Re: How to display column results in descending or...

prannoy93singh · ‎06-27-2018

It shows the result in the below format

uri          208         400  
...            ....             ...

I want to show those uri's on top which has maximum responseCodes, I tried using the below query but it is not giving the desired output.

host="*prod*" uri="*v*" earliest = -7d@d
| WHERE responseCode != 200 
| chart count by uri, responseCode
| sort -responseCode

Sort is not giving results in descending order.

pruthvikrishnap · ‎06-27-2018

Hi Prannoy,

Try adding desc in your search, please try the one below.

host="prod" uri="v" earliest = -7d@d
| WHERE responseCode != 200
| chart count by uri, responseCode
| sort responseCode desc

Let me know if it helps.

View solution in original post

pruthvikrishnap · ‎06-27-2018

Hi Prannoy,

Try adding desc in your search, please try the one below.

host="prod" uri="v" earliest = -7d@d
| WHERE responseCode != 200
| chart count by uri, responseCode
| sort responseCode desc

Let me know if it helps.

prannoy93singh · ‎06-27-2018

I tried implementing it, but still I am not getting the desired result.
I was thinking to do the sum of columns and then sort the sum, but am not able to implement it effectively.

Sukisen1981 · ‎06-27-2018

hmm what happens if you try this <your query>| addtotals | sort - Total

arunrajamani · ‎11-24-2019

Hello,
Am facing similar kind of issue where i need to sort the time column with the latest time.
Will sorting works with column header time value using chart command?

prannoy93singh · ‎06-27-2018

yes, it is working.
Thank You 🙂

How to display column results in descending order?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!