I am trying to sort the data month wise using the chart command. However the month is getting sorted alphabetically.
I tried referring the older post around the same topic, but none of solution works.
Tried all of these options
base search | eval Month =strftime(_time,"%b") | chart count over rules by Month
base search | eval Month =strftime(_time,"%b") | chart count over rules by Month | eval sort=case(Month=="Jan","1",
Month=="Feb","2", Month=="Mar","3", Month=="Apr","4", Month=="May","5", Month=="Jun","6", Month=="Jul","7",
Month=="Aug","8", Month=="Sep","9", Month=="Oct","10", Month=="Nov","11", Month=="Dec","12")|sort sort |fields -
sort
The query that works is by numeric(as shown below) , but how do I convert the numeric to represent "month Name" as "Sep 2018,oct 2018 "?
base search | eval Monthnum =strftime(_time,"%m") | chart count over rules by Monthnum
... View more