The above used to work for me. That is, simply use "sort" to order the stats under in the Statistics tab and then the Visualisation tab would graph them in the sort order.

This stopped working, I think, after an upgrade of Splunk (we are now running version 7.2.4). What I get now is Count Vs Time (aka similar to the first screen grab regardless of the sort order).

Has anyone else experienced this? And is there a work around (I simply want a graph similar to the second screen grab above)?

It doesn't work for me this is my query

   <query>index=aut_kpi2 $servicesToken$ $catalogToken$ $subscriptionToken$ | timechart span=$spanToken$ count by service_offering_name</query>
   <earliest>$timeToken.earliest$</earliest>
   <latest>$timeToken.latest$</latest

There can be multiple columns based on different values of service_offering_name. Which one do you want to sort upon?

i want to sort my columns basing on the value of service_offering_name

How many different values that fields can have and are they contant?? The timechart will create a field with value as the name (e.g. sourcetype=splunkd and sourcetype=scheduler , when used in timechart there will be fields named _time, splunkd and scheduler).

You used timechart, which is used to calculate values over time buckets. You cant reorder the time, it makes no sense. Take stats instead of timechart.

but i want something depends on date

Gooood (Y)
Thanks 🙂

Further reading from here. http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Sort

Thank you. Exactly what I needed.
One column ranked by priority (Asc), the other by the length of the event (desc)

Actually, I want to sort the columns of column chart by value, I don't know if it's possible or not