Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Sort data in a Bar Chart

kmccowen
Path Finder
‎07-02-2015 12:23 PM

I have a bar chart using the query below:
index=ctap host=sc58* sourcetype=gateway screen_clicks != "CALL TRACKER INSERT" screen_clicks != "ADD MEMO*" screen_clicks != "DEAD" screen_clicks != "PAYMENT" screen_clicks != "ESTIMATED*" screen_clicks != "UPDATE*" screen_clicks != "HIT*" screen_clicks != "SEND*" screen_clicks != "WARM*" screen_clicks != "STATEMENT*" screen_clicks != "SIX*" screen_clicks != "LOAD*" screen_clicks != "ACKNOWLEDGE*" screen_clicks != "AD GROUP ASSIGNED" | chart count by screen_clicks | eval Description = case(screen_clicks = "DASHBOARD TAB CLICK"," Dashboard Tab", screen_clicks = "CTIPOP CALL RECEIVED", " Call Pop Received", screen_clicks = "DASHBOARD SEARCH LOAD"," Dashboad Search", screen_clicks = "BILLING TAB CLICK", " Billing Tab", screen_clicks = "TROUBLESHOOTING TAB CLICK", " Troubleshooting Tab", screen_clicks = "TOOLS TAB CLICK", " Tools Tab", screen_clicks = "ACCOUNT TAB CLICK", " Account Tab", screen_clicks = "DEVICE MANAGEMENT TAB", " Device Management Tab")

The bar chart always sorts alphabetically and I need to sort it in the following order:

Call Pop Recevied, Dashboard Search, Deashboard Tab, Accounts Tab, Billing Tab, Troubleshooting, Tools, Device Management.

I tried padding the descriptions with spaces to get my sort to work but it did not work.

Tags (2)
Reply

masonmorales
Influencer
‎07-02-2015 03:09 PM

Try this:

index=ctap host=sc58* sourcetype=gateway screen_clicks != "CALL TRACKER INSERT" screen_clicks != "ADD MEMO*" screen_clicks != "DEAD" screen_clicks != "PAYMENT" screen_clicks != "ESTIMATED*" screen_clicks != "UPDATE*" screen_clicks != "HIT*" screen_clicks != "SEND*" screen_clicks != "WARM*" screen_clicks != "STATEMENT*" screen_clicks != "SIX*" screen_clicks != "LOAD*" screen_clicks != "ACKNOWLEDGE*" screen_clicks != "AD GROUP ASSIGNED" 
| chart count by screen_clicks 
| eval Description = case(screen_clicks = "DASHBOARD TAB CLICK","02Dashboard Tab", screen_clicks = "CTIPOP CALL RECEIVED", "00Call Pop Received", screen_clicks = "DASHBOARD SEARCH LOAD","01Dashboad Search", screen_clicks = "BILLING TAB CLICK", "04Billing Tab", screen_clicks = "TROUBLESHOOTING TAB CLICK", "05Troubleshooting Tab", screen_clicks = "TOOLS TAB CLICK", " 06Tools Tab", screen_clicks = "ACCOUNT TAB CLICK", "03Account Tab", screen_clicks = "DEVICE MANAGEMENT TAB", " 07Device Management Tab")
| sort screen_clicks
| eval Description = case(screen_clicks = "02Dashboard Tab","Dashboard Tab", screen_clicks = "00Call Pop Received", "Call Pop Received", screen_clicks = "01Dashboad Search","Dashboad Search", screen_clicks = "04Billing Tab", "Billing Tab", screen_clicks = "05Troubleshooting Tab", "Troubleshooting Tab", screen_clicks = "06Tools Tab", "Tools Tab", screen_clicks = "03Account Tab", "Account Tab", screen_clicks = "07Device Management Tab", " Device Management Tab")
0 Karma
Reply

kmccowen
Path Finder
‎07-07-2015 06:24 AM

I tried but the data is still sorting alphabetically.

screen_clicks count Description
ACCOUNT TAB CLICK 1189

BILLING TAB CLICK 22428

CTIPOP CALL RECEIVED 104351

CTIPOP DEAD AIR 25903

DASHBOARD SEARCH LOAD 25891

DASHBOARD TAB CLICK 205684

DEVICE MANAGEMENT TAB 4442

PAYMENT REQUEST FAILED 837

PAYMENT REQUEST INITIATED 5459

PAYMENT REQUEST PROCESSED

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...