Hi Martin,

When I appended "| sort + duration" to the search, the X-axis was sorted correctly. Thanks for your help!

Yugin,

I tend to agree with you, the chart's x axis is being sorted lexicographically not numerically. One workaround might be to "zero-fill" such that 0 -> 00, 1 -> 01, etc -- then the numeric and lexicographic sorts are the same.

I would also suggest a support case to see if they have any additional ideas.

Okay, what happens if you append this to the search?

... | sort + duration

Hi Martin,
Your search still appears wrong to me. The x-axis reads
0 1 11 14 15 16 18 19 2 20 21 ......

Does my search appear sorted correctly or incorrectly for you?

Hi Martin,
I'm not doing anything special. The problem occurs when the number of x-axis values is greater than 10.

Hi Aholzer,
You are right. I've tried this:
"source=blah | transaction thread |bucket duration span=1s | stats count by duration"
which outputs to the statistics tab in the wrong sort order. From there I could click the duration header to get the sorting right (which proves that bucket is outputing 'duration' as numbers) but when I click on visualization, the x-axis of the chart is still sorted wrongly.

My guess is that you are using a "string" field rather than a "numerical" on your X axis. This would mean that it would sort the values 0-11 based on "alphabetical" order. Hence getting 0 1 10 11 2 3 4...

Convert your X axis field to a numerical value before using it in your chart command.

Hope this helps

I've modified your search to be runnable everywhere:

index=_internal component=* | transaction maxspan=60s component | chart count by duration span=1s

and charted that as a column chart without doing anything special... and sorting works as expected, 2 comes after 1.

Are you doing anything special not mentioned here?