Re: Ordering an alpha numerical column and highlig...

shakSplunk · ‎08-17-2021

Hi all,

I have the following dataset:

Name	Title	DaysRemaining
Tom	West	50
Martin	error	error
Billy	Winter	5103
Will	Fable	2

I was wondering if there is a way to order the DaysRemaining field by first showing the 'error' value on the top and then ordering in ascending order - i.e. 2,50 and 5103?

In addition, is there a way to only highlight the DaysRemaining field, in which 'error' is highlighted red, values between 0-30 are also red, values between 30 - 100 are orange and values above 100 are green?

Desired outcome:

Appreciate any and all help greatly!

bowesmana · ‎08-17-2021

By default, sort will put alpha after numbers, so you will have to create a new field to sort on, which is dependent on the value of DaysRemaining. Use this code

| eval sort=if(DaysRemaining>0, DaysRemaining, -999)
| sort sort DaysRemaining
| fields - sort

the sort field will be -999 if the DaysRemaining is alpha, so the sort will then sort on that field, which you can then remove.

As for colours, you can set colours for the numeric values, but to get the text field coloured also, I suspect you'll have to use CSS

Ordering an alpha numerical column and highlighting

table

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success

Join Us for Splunk University and Get Your Bootcamp Game On!