Re: Search query to get the numbers in order for f...

pkumar9610 · ‎09-20-2022

Hello Team,

I am running below query to get the stats but I am looking to get the Store numbers in serial order, can you help me with the query ?

index=ABC env="XYZ" StoreNumber="*" | sort by StoreNumber | stats count by StoreNumber, country, Application

Store Number	country	count
1	US	22
100	US	7
100	US	9
100	US	2
1000	US	13
1000	US	10
1002	US	9
1002	US	32
1018	US	22
1018	US	1
104	US	3
104	US	6
1055	US	9
1055	US	28
1081	US	39
1081	US	38
1086	US	1
1086	US	6
1086	US	1
109	US	1
109	US	2
1094	US	3
1094	US	9
11	US	3

bowesmana · ‎09-20-2022

You can see from the display that StoreNumber is left justified, which means that Splunk thinks it's a string, so you should convert it to a number to sort it.

Note: Do NOT sort before the stats command - stats will already sort it by Store Number in its output. Sorting is very inefficient, so sort as late as possible in the pipeline.

search...
| stats...
| eval StoreNumber=tonumber(StoreNumber)
| sort StoreNumber

Do you want your store numbers to be left justified? If so you can sort and then left justify again with

search
| stats...
| eval StoreNumber=tonumber(StoreNumber)
| sort StoreNumber
| eval sn=printf("%-10d", Store_Number)

pkumar9610 · ‎09-20-2022

Also tried below ones but no luck

sort by -latest(StoreNumber)

sort by ascending(StoreNumber)

How to write search to get the numbers in order for field?

other

stats

tstats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!