How to sort table by total errors in descending or...

lsy9891 · ‎11-03-2019

Hi,
I have this search and basically it shows a table with the channel.
Error type, total error, and the sum total of the errors- but I append a sort function at the end to sort by total but it doesn't sort it?

index=appguids host=netweba* ApplicationID=order20 ApplicationSource=*order* errorguid Monster.PaymentProcessor.PaymentFailedException | rex field=Message "(?m)^Message:[^:]+:\s(?<type>.*)$" | stats count BY type,ChannelID | lookup local=1 MonsterChannels ChannelId AS ChannelID | eval Channel=if(isnull(Channel) OR match(Channel,"^0$"),"Unknown ChannelID", Channel) . " [ChannelID: " . ChannelID . "]" | stats values(type) AS "Error Type", list(count) AS "#Errors" BY Channel |

appendpipe [ stats sum("#Errors") AS "#Errors" BY Channel | eval "Error Type"="Total for Channel" ] | stats values(Channel) AS X, list("Error Type") AS "Error Type", list("#Errors") AS "#Errors" BY Channel | fields - X | sort - "Total for Channel"

to4kawa · ‎11-03-2019

sort - "Total for Channel"
⇨
sort - "#Errors"

Hi, How about this?

How to sort table by total errors in descending order?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?

How to sort table by total errors in descending order?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25