How to reordering the chart columns fields?

kkarthik2 · ‎08-06-2015

My chart columns is in time format and its showing each column represent per hours and starts from 00:00:00 to 24:00:00.
But I want to reordering the column from 9:00:00 to 8:00:00.
Example : Required the below format
column1 column2 column3 column4 column5..........................................column23 column 24
X 9:00:00 10:00:00 11:00:00 12:00:00 13:00:00..........................................07:00:00 08:00:00
foo foo1 foo1 foo1 foo1 foo1

but its showing like

              column1    column2         column3        column4    column5..........................................column23    column 24

X 00:00:00 1:00:00 2:00:00 3:00:00 4:00:00.......................................... 23:00:00 24:00:00
foo foo1 foo1 foo1 foo1 foo1

Mychart command

chart values(foo) by X column

Please provide me the solution

somesoni2 · ‎08-06-2015

If your column names are fixed, you can just issue a table command at the end of your search to change the column ordering. Something like this-

Your base search | chart values(foo) by X column | table X "9:00:00" "10:00:00" "11:00:00" "12:00:00" "13:00:00" .........................................."07:00:00" "08:00:00"

How to reordering the chart columns fields?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

How to reordering the chart columns fields?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability