Splunk Search

How to tell the sort command to sort by numerical order instead of lexigraphical?

Splunk Employee
Splunk Employee

I want the series to sort as 1,2,3,10,11,12 not 1,10,11,12,2,3. The sort functions do not seem to have any effect when used in this context:

... | sort -num(myfield)

I don't see any examples of using the sort functions in the documentation or other questions. 😞

I have also tried:

... | sort by num(myfield)

... | sort num(myfield)

Halp!

Path Finder

I was able to use the convert num(string) which converts the given value to a number and then use the sort command on this

somesearch that generates the stats name ,myEventCount |convert num(myEventCount) as nummyEventCount|sort -nummyEventCount|table name nummyEventCount

0 Karma

Hi ,

Hope you have got answer by now for this issue 🙂

I came across this same issue today and got solution for it , Hence posting so that it can help others similar issue .

This sort is not going to work if you use stats , timechart ,
use chart instead , Both fields and sort will work seamlessly.

Thanks,
Razal

Builder

You can also use the fields command to specify the fields.

| fields "column1" col2 col3 col4

0 Karma

Splunk Employee
Splunk Employee

i'm not sure why this isn't working for you. it seems to be fine for me...

... | sort +|- num(<numeric field>)

did you have a particular search/example that wasn't working? i can help you with that and perhaps add that as an example to the topic. thanks.