Splunk Search

Sorting the months by calender in splunk

ncbshiva
Communicator

Hi

how to sort the months according to the calender

This is the search query
source="D:\AVERAGE_CLOSE_TIME.csv" NOT "Month"| stats avg(Avg_Close_Time) as "Average Close Time in Days" by Month

This is the output
1 Apr-12 29.000000
2 Aug-12 18.000000
3 Dec-12 22.000000
4 Feb-12 36.000000

Tags (1)
0 Karma

jonuwz
Influencer

Convert your date fieldinto an epoch value 1st, so that it can be sorted.

Then fieldformat the results so they are displayed however you want

... | eval Month=strptime("01-".Month,"%d-%b-y")
    | fieldformat Month=strftime(Month,"%b-%y")

Should work out for you

ncbshiva
Communicator

yes i have added , but i am getting "No results found"

0 Karma

jonuwz
Influencer

just add what I posted to the end of your search ( minus the ... at the beginning )

0 Karma

ncbshiva
Communicator

Sorry i did'nt get , can u tell me in detail......?

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!