Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

How to sort the month when using the field in chart over command?

sangs8788
Communicator
‎09-03-2018 10:12 PM

Hi

Below is a query which returns the latency over month by cust_id. Events contain fields as month=April, month=May etc

...| chart  max(Avg) as Avg, max(Max) as Max, p95(P95) as P95 over month by cust_id  useother=f limit=40 |sort  -Max, -P95

The query shows result in sorted by month name since month is a string. How do i sort by calendar series and display as a chart ?![alt text][1]

0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution
Solution

Re: How to sort the month when using the field in chart over command?

sangs8788
Communicator
‎09-03-2018 11:27 PM

I found the answer. This worked

| eval  sort=case(       Month=="January","1",       Month=="February","2",       Month=="March","3",       Month=="April","4",       Month=="May","5",       Month=="June","6",       Month=="July","7",       Month=="August","8",       Month=="Septempber","9",       Month=="October","10",       Month=="November","11",       Month=="December","12")|sort sort |fields - sort

View solution in original post

0 Karma
Reply