How to tell the sort command to sort by numerical ...

hulahoop · ‎08-30-2011

I want the series to sort as 1,2,3,10,11,12 not 1,10,11,12,2,3. The sort functions do not seem to have any effect when used in this context:

... | sort -num(myfield)

I don't see any examples of using the sort functions in the documentation or other questions. 😞

I have also tried:

... | sort by num(myfield)

... | sort num(myfield)

Halp!

sunilsk1 · ‎05-07-2016

I was able to use the convert num(string) which converts the given value to a number and then use the sort command on this

somesearch that generates the stats name ,myEventCount |convert num(myEventCount) as nummyEventCount|sort -nummyEventCount|table name nummyEventCount

russel_mohammed · ‎03-11-2014

Hi ,

Hope you have got answer by now for this issue 🙂

I came across this same issue today and got solution for it , Hence posting so that it can help others similar issue .

This sort is not going to work if you use stats , timechart ,
use chart instead , Both fields and sort will work seamlessly.

Thanks,
Razal

brettcave · ‎06-27-2012

You can also use the fields command to specify the fields.

| fields "column1" col2 col3 col4

sophy · ‎08-30-2011

i'm not sure why this isn't working for you. it seems to be fine for me...

... | sort +|- num(<numeric field>)

did you have a particular search/example that wasn't working? i can help you with that and perhaps add that as an example to the topic. thanks.

How to tell the sort command to sort by numerical order instead of lexigraphical?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation