Re: Sort the legend's display from chart

BDAS · ‎02-14-2013

Hi everyone!

I would like to display several areas (stacked) or columns in a specific order. Here is my charting command :

| chart avg(countUsers) as avgCountUsers over Time by ID

My IDs are like 1001, 1002, 1003 ... 2001, 2002 ...

For example, the average corresponding to 1001 is above 1002, which is above 1003, and I want to reverse the areas/columns so that I display 1001 first, then 1002 on top of it, etc.

I tried the sort command and the reverse one, but my chart remained the same, maybe I haven't used it correctly.

Any ideas?

Thanks in advance!

BlueLychee.

uksysadmins · ‎06-14-2013

Looks like the chart module just creates the legend entry when it gets an entry so you just need to sort by ID prior to piping it the chart.

| sort ID | chart avg(countUsers) as avgCountUsers over Time by ID

nugetchar · ‎02-14-2013

I don't really understand... Don't you just have to write something like that?
==> "| fields 1003, 1002, 1001"

Unless you cannot know in advance how many results you will have... For example "1001 1002 1003" and later "2001 2002 2003 2004 2005"... In this case (and know I assume that this is your situation), I don't know how to do...

nugetchar

BDAS · ‎02-14-2013

Thanks for answering so fast!

Yes, it works fine with | fields 1003 1002 1001 but I want my search to be generic in case I would receive other IDs (ex: 4001, 4002 ...)

Sort the legend's display from chart

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!