Timechart's Table Column Header - Sorted in Descen...

syslogap · ‎11-05-2012

Hi,

I'm using version 4.2.2 with the search query:

host = "JA8*" AND eventtype="firewall*" earliest=7/1/2011:0:0:0 | dedup _raw | timechart count by host span=month limit=20

This produces a timechart with the table header sorted in descending order - "time, JA827J, JA826J, JA825J, JA822J, JA812A, JA810A, ...". Is there anything I can do to get the table header sorted in ascending order - "_time, JA810A, JA812A, JA822J, JA825J, ..." besides upgrading to 5.0 where this issue doesn't occur?

It appears descending order is being caused by using "limit" in the search query. I have more than 10 hosts so not using "limit" isn't an option as far as I understand it.

Thanks in advance for any help.

JForhan

yong_ly · ‎12-18-2012

have you tried the sort command?

host = "JA8*" AND eventtype="firewall*" earliest=7/1/2011:0:0:0 | dedup _raw | timechart count by host span=month limit=20 | sort by host DESC

martin_mueller · ‎12-19-2012

sort sorts rows, not columns.

syslogap · ‎11-06-2012

Thanks. That suffices as a work-around until we upgrade.

martin_mueller · ‎11-06-2012

You can specify the field order with the fields command, it might just require listing every field name.

Timechart's Table Column Header - Sorted in Descending Order

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...