Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to tell the sort command to sort by numerical order instead of lexigraphical?

hulahoop
Splunk Employee
Splunk Employee
‎08-30-2011 03:09 PM

I want the series to sort as 1,2,3,10,11,12 not 1,10,11,12,2,3. The sort functions do not seem to have any effect when used in this context:

... | sort -num(myfield)

I don't see any examples of using the sort functions in the documentation or other questions. 😞

I have also tried:

... | sort by num(myfield)

... | sort num(myfield)

Halp!

Reply

sunilsk1
Path Finder
‎05-07-2016 10:36 PM

I was able to use the convert num(string) which converts the given value to a number and then use the sort command on this

somesearch that generates the stats name ,myEventCount |convert num(myEventCount) as nummyEventCount|sort -nummyEventCount|table name nummyEventCount

0 Karma
Reply

russel_mohammed
Engager
‎03-11-2014 09:59 PM

Hi ,

Hope you have got answer by now for this issue 🙂

I came across this same issue today and got solution for it , Hence posting so that it can help others similar issue .

This sort is not going to work if you use stats , timechart ,
use chart instead , Both fields and sort will work seamlessly.

Thanks,
Razal

Reply

brettcave
Builder
‎06-27-2012 12:23 AM

You can also use the fields command to specify the fields.

| fields "column1" col2 col3 col4

0 Karma
Reply

sophy
Splunk Employee
Splunk Employee
‎08-30-2011 04:29 PM

i'm not sure why this isn't working for you. it seems to be fine for me...

... | sort +|- num(<numeric field>)

did you have a particular search/example that wasn't working? i can help you with that and perhaps add that as an example to the topic. thanks.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...