Re: How to sort search results by numbers

tobi2k · ‎07-13-2019

The rounding of search results has already been discussed numerously. But unfortunately, it doesn't work for me.
I want to sort the result by total_time in descending order:

index="main" sourcetype="web_ping" response_code="200" | stats latest(total_time) by title | sort -num(total_time)

But the result is still sorted by the title.

title   latest(total_time)
brxxx   34.03
bsxxx   86.04
efxxx   157.03
gxxx    265.71
loxxx   340.82
stexxx  179.74
thxxx   239.87
winxxxe 292.73

Do you have a hint? Thank you!

tobi2k · ‎07-21-2019

Works like a charm! Thank you!

tobi2k · ‎07-13-2019

Thanks for your answer. I don't get it.

index="main" sourcetype="web_ping" response_code="200" | stats latest(total_time) by title | sort -latest

still deliver the result in the wrong order (highest number first)

    title   latest(total_time)
    bxxx    30.01
    bxxx    84.33
    efxxx   144.48
    gxxx    251.93
    loxxx   263.72
    etc...

HiroshiSatoh · ‎07-13-2019

Please look at my answer.

HiroshiSatoh · ‎07-13-2019

total_time does not exist. It is now latest (total_time).

| stats latest(total_time) by title | sort -latest(total_time)

How to sort search results by numbers

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

How to sort search results by numbers

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers