Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Sort the legend's display from chart

BDAS
Explorer
‎02-14-2013 03:12 AM

Hi everyone!

I would like to display several areas (stacked) or columns in a specific order. Here is my charting command :

| chart avg(countUsers) as avgCountUsers over Time by ID

My IDs are like 1001, 1002, 1003 ... 2001, 2002 ...

For example, the average corresponding to 1001 is above 1002, which is above 1003, and I want to reverse the areas/columns so that I display 1001 first, then 1002 on top of it, etc.

I tried the sort command and the reverse one, but my chart remained the same, maybe I haven't used it correctly.

Any ideas?

Thanks in advance!

BlueLychee.

Tags (1)
Reply

uksysadmins
New Member
‎06-14-2013 05:40 AM

Looks like the chart module just creates the legend entry when it gets an entry so you just need to sort by ID prior to piping it the chart.

| sort ID | chart avg(countUsers) as avgCountUsers over Time by ID

0 Karma
Reply

nugetchar
Explorer
‎02-14-2013 04:58 AM

I don't really understand... Don't you just have to write something like that?
==> "| fields 1003, 1002, 1001"

Unless you cannot know in advance how many results you will have... For example "1001 1002 1003" and later "2001 2002 2003 2004 2005"... In this case (and know I assume that this is your situation), I don't know how to do...

nugetchar

Reply

BDAS
Explorer
‎02-14-2013 05:33 AM

Thanks for answering so fast!

Yes, it works fine with | fields 1003 1002 1001 but I want my search to be generic in case I would receive other IDs (ex: 4001, 4002 ...)

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...