Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to sort the average time??

chitreshakumar
Communicator
‎12-21-2017 02:20 AM

I have on field named average duration which is right now sorting alphabetically.
Are there any way we can sort it by month,day ,hours and minutes then in numerical order??

0 Karma
Reply

nickhills
Ultra Champion
‎12-21-2017 03:00 AM

Try this!

<your search>|table Name "Average duration"
|rex field="Average duration" "(?<val>\d+\.?\d+)\s(?<unit>\w+)"
|evalmultiplier=case(unit=="seconds",1,unit="minutes",60,unit=="hrs",3600,unit=="days",86400,unit="months",2592000)
|eval durseconds=(val*multiplier)
|sort -durseconds|fields Name "Average duration"
If my comment helps, please give it a thumbs up!
0 Karma
Reply

mayurr98
Super Champion
‎12-21-2017 02:42 AM

Try this:

 | eval month_num=strftime(_time,"%m") | eval Month=date_mday."-".date_month."-".date_year."-".date_hour.":".date_minute | stats count by month_num,Month date_hour date_mday date_minute | sort - limit=0 month_num date_mday date_hour date_minute
0 Karma
Reply

chitreshakumar
Communicator
‎12-21-2017 02:45 AM

Thanks for your reply!!
But there is only one field that is having the average count for every person .I want a logic for that kind of sorting.

0 Karma
Reply

nickhills
Ultra Champion
‎12-21-2017 02:32 AM

Can you post some example data?
What format are the values in?

If my comment helps, please give it a thumbs up!
0 Karma
Reply

chitreshakumar
Communicator
‎12-21-2017 02:35 AM

Name Average duration
X 1.4 hrs
Y 6.2 minutes
Z 2.9 days
XY 20 days
YZ 22minutes
A 1.2 months

Something like this.Since its confidential so can't post the original .SO sample one I am posting

0 Karma
Reply

mayurr98
Super Champion
‎12-21-2017 02:49 AM

this is your input data right?
and what output you want?

0 Karma
Reply

chitreshakumar
Communicator
‎12-21-2017 03:16 AM

This is the input .I want output like .
While ascending
Y 6.2 minutes
YZ 22minutes
X 1.4 hrs
Z 2.9 days
XY 20 days
A 1.2 months

Descending
A 1.2 months
XY 20 days
Z 2.9 days
X 1.4 hrs
YZ 22minutes
Y 6.2 minutes

0 Karma
Reply

nickhills
Ultra Champion
‎12-21-2017 02:48 AM

hmm... yuk!

probably just a formatting error - but can you confirm there is always a space between the number and the unit.
Also, is it hrs, or hours?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...