Re: How to order the bars within each time segment...

antonyhan · ‎08-06-2015

I am trying to order the bars within each time segment from largest to smallest?
is there a way of doing it?

meenal901 · ‎08-10-2015

timechart will not be able to do this. Just plain stats would help you with ordering based on values, but will not have _time in this case:

sourcetype=test2| stats sum(Count) as Count by Name| sort - Count

Data:
Name,Count
A,100
B,1000
C,10

emiller42 · ‎08-06-2015

This may not be helpful, but I would strongly advise against doing this. Having the bars potentially change order with every time-slice would make the overall presentation confusing and difficult to parse.

antonyhan · ‎08-07-2015

you got a point! it's a customer request and I couldn't figure out a solution.
is there a way to do with just regular chart?

somesoni2 · ‎08-06-2015

Could you explain more about expected output by some sample values?

antonyhan · ‎08-07-2015

say with in 5 mins we have A100, B 1000, C 50. right now plain vanilla timechart with bar will order by legend name. Instead of the order of A B C, we would like to see an order of BAC from top to bottom as B has the largest value. Hope this explains.

How to order the bars within each time segment of a timechart (bar style) by the sum of the field from largest to smallest?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?