Solved: Splunk Chart dynamic column header sorting

avadhutha · ‎01-18-2024

I have a chart formed like below and it's dynamic columns are created based on processes date. By default now the column header sort is happing from lower to higher value but I am looking in a format where headers of processDates are higher to lower.

Query:

|chart latest(Count) as Count by Name ,ProcessDate

Current Output:

Name	20240101	20240102	20240103
xyz	NA	NA	NA
123	NA	NANA	NA

Expecting output:

Name	20240103	20240102	20240101
xyz	NA	NA	NA
123	NA	NANA	NA

ITWhisperer · ‎01-18-2024

| transpose 0 column_name=Date header_field=Name
| sort 0 -Date
| transpose 0 column_name=Name header_field=Date

View solution in original post

ITWhisperer · ‎01-18-2024

| transpose 0 column_name=Date header_field=Name
| sort 0 -Date
| transpose 0 column_name=Name header_field=Date

avadhutha · ‎01-18-2024

Thank you mate for the help, Below corrected one helped with faster results.

|chart latest(Count) as Count by ProcessDate,Name
|sort 0 - ProcessDate
| transpose 0 column_name=Name header_field=ProcDate

dural_yyz · ‎01-18-2024

Try

| chart latest(Count) as Count by Name, ProcessDate
| sort ProcessDate desc

Found a very similar request under this previously answered question.

https://community.splunk.com/t5/Splunk-Search/How-to-display-column-results-in-descending-order/m-p/...

avadhutha · ‎01-18-2024

No, it is not working

Splunk Chart dynamic column header sorting

chart

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk