I have written a command to get the timings of particular log from different servers. I want to sort it based on host and source. I have used multisearch, stats values(xx) by date,time,host,source command.
Example:
Date Time host source
2/20 2:13 110 /opt/source.log
2/20 2:15 117 /opt/dest.log
2/20 2:20 116 /opt/so.log
Expected result:
Sort the statistics with column host and source..
I tried to use case command but not working
<form>
<label>select sort</label>
<fieldset submitButton="false" autoRun="true">
<input type="dropdown" token="sort1" searchWhenChanged="true">
<label>first sort</label>
<choice value="host">host</choice>
<choice value="source">source</choice>
<choice value="Time">Time</choice>
<choice value="Date">Date</choice>
<default>host</default>
<initialValue>host</initialValue>
</input>
<input type="dropdown" token="sort2" searchWhenChanged="true">
<label>second sort</label>
<choice value="host">host</choice>
<choice value="source">source</choice>
<choice value="Time">Time</choice>
<choice value="Date">Date</choice>
<default>source</default>
<initialValue>source</initialValue>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>|makeresults
|eval _raw="Date Time host source
2/20 2:13 110 /opt/source.log
2/20 2:15 117 /opt/dest.log
2/20 2:20 116 /opt/so.log
2/20 2:13 110 /opt/dest.log
2/20 2:15 117 /opt/source.log"
|multikv forceheader=1
|table Date Time host source
| sort $sort1$ $sort2$</query>
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
</form>
I'm not sure I want to write case telling which host, source has to be first . Which needs to be second
your_search
| sort 0 host source
sort
is wrong?
The above command is sorting in the ascending order. But I want sort with my requirements.
Ex:
Date Time host source
2/20 2:13 110 /opt/source.log
2/20 2:15 117 /opt/dest.log
2/20 2:20 116 /opt/so.log
2/20 2:13 110 /opt/dest.log
2/20 2:15 117 /opt/source.log
Expected:
Date Time host source
2/20 2:13 110 /opt/dest.log
2/20 2:15 117 /opt/source.log
2/20 2:13 110 /opt/source.log
2/20 2:15 117 /opt/dest.log
2/20 2:20 116 /opt/so.log
I want to write case telling which host, source has to be first . Which needs to be second