Solved: Sorting Months in a Field

henryt1 · ‎10-26-2012

So I wasn't really sure how to do this after reading the documentation, but I'm running the following search:

(host="web01.x.com") AND (source="/common/site-logs/x-activity.log") AND ("create" AND "project") NOT ("brief" OR "campaign" OR "proposal" OR "talentlist" OR "teamroom" OR "view" OR "criteria" OR "problem") | stats count by date_month

I get the data back that I want, however the months are in alphabetical order instead of by date. How can I sort these to be in date order with how they would go on a calendar?

Thanks in advance.

-Tyler

gkanapathy · ‎10-26-2012

don't use the date_month field. They are unreliable. use

... | bucket _time span=1mon | stats count by _time

View solution in original post

gkanapathy · ‎10-26-2012

don't use the date_month field. They are unreliable. use

... | bucket _time span=1mon | stats count by _time

henryt1 · ‎10-26-2012

Great! Thank you!

Sorting Months in a Field

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Sorting Months in a Field

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...