Splunk Search
Highlighted

How to tell the sort command to sort by numerical order instead of lexigraphical?

Splunk Employee
Splunk Employee

I want the series to sort as 1,2,3,10,11,12 not 1,10,11,12,2,3. The sort functions do not seem to have any effect when used in this context:

... | sort -num(myfield)

I don't see any examples of using the sort functions in the documentation or other questions. 😞

I have also tried:

... | sort by num(myfield)

... | sort num(myfield)

Halp!

Highlighted

Re: How to tell the sort command to sort by numerical order instead of lexigraphical?

Splunk Employee
Splunk Employee

i'm not sure why this isn't working for you. it seems to be fine for me...

... | sort +|- num(<numeric field>)

did you have a particular search/example that wasn't working? i can help you with that and perhaps add that as an example to the topic. thanks.

Highlighted

Re: How to tell the sort command to sort by numerical order instead of lexigraphical?

Builder

You can also use the fields command to specify the fields.

| fields "column1" col2 col3 col4

0 Karma
Highlighted

Re: How to tell the sort command to sort by numerical order instead of lexigraphical?

Hi ,

Hope you have got answer by now for this issue 🙂

I came across this same issue today and got solution for it , Hence posting so that it can help others similar issue .

This sort is not going to work if you use stats , timechart ,
use chart instead , Both fields and sort will work seamlessly.

Thanks,
Razal

Highlighted

Re: How to tell the sort command to sort by numerical order instead of lexigraphical?

Path Finder

I was able to use the convert num(string) which converts the given value to a number and then use the sort command on this

somesearch that generates the stats name ,myEventCount |convert num(myEventCount) as nummyEventCount|sort -nummyEventCount|table name nummyEventCount

0 Karma