|
In a view like the flashtimeline, there is a selector to choose between the results of the search and the log events from which those results are drawn. If the search includes a term like Is there a way that I can get both data views (I'm OK with cloning flashtimeline and creating my own advanced XML to do this...) sorted in the same order? |
|
Not sure whether this works for you, but if you pipe to That does make the events in the flashtimeline view appear sorted in ascending time order, and it doesnt affect the stats output When I attempt that, I get an error message in the message bar: Error in 'reverse' command: Invalid argument: 'None' Is it possible that there is something in my search results which is confusing reverse?
(23 May '10, 22:08)
smisplunk
Strange. No Im not sure what that means, and I cant reproduce that message (I tried searches with 0 events, with N<10000 events and N>10000 events). According to the docs the reverse command doesnt take any arguments at all. What version are you running? Im on a source build a bit newer than 4.1.2 but there shouldnt be any difference wrt reverse.
(24 May '10, 01:40)
nick ♦
Running 4.1.2, build 79191.
(24 May '10, 21:21)
smisplunk
I think this is an intention bug, one that has been fixed at some point since and thats why i cant reproduce it on my (unreleased) build. If this is the case, this bug will dissappear when you go to the search UI directly, and then type in the search yourself. can you try that?
(05 Jun '10, 06:16)
nick ♦
I've been able to confirm your statement that issuing the search directly does not produce an error. I'll also note that in the mean time, we've worked around this issue with a " | sort - _time" command instead.
(18 Jun '10, 21:21)
smisplunk
|
