Hi..
My search query displays the search results in the form of a table like this...
SearchParameter A B C D E
xyz 9 4 10 5 6
where xyz is the search parameter .actually i need the table to be sorted like this...
SearchParameter B D E A C
xyz 4 5 6 9 10
tried sort command but couldn't get the desired results ..
My search Query is like this...
sourcetype="X" (somelogic) | transaction keepevicted=true searchparameter | chart avg(duration) by
eventtype,searchparameter
Thanx
If you know from the start which values you will be getting in the column headers, use table
.
... | chart avg(duration) by eventtype,SearchParameter | table SearchParameter B D E A C
I don't know of any way to accomplish what you want.
if its possible ..can you pls provide me the solution for jus one row..how to reorder the row..
Yes, but I'm talking about the general functionality here. Reordering could perhaps be done in YOUR case with just one row, but to make a general solution out of it would be tricky and/or non-intuitive.
acutally my searchquery returns only one row..so is it possible to change the column order according to column values..
Ah, OK. I don't think you can change the column order according to column values (if you could, how would Splunk handle different orders in different rows?)
sourcetype="X" (somelogic) | transaction keepevicted=true searchparameter | chart avg(duration) by eventtype,searchparameter
this is my search query . in this search query if i use stats instead of chart .. i am getting the output like this..
searchparameter eventtype avg(duration)
xyz A 9
xyz B 4
xyz C 10
xyz D 5
xyz E 6
Now if i use sort command my data is sorting .but the table appears as it is.plz help
see the fields which i mentioned above are eventtypes ..so i dont know wat avg(duration) values will be coming for these eventtypes based on the searchparameter..and now i want to sort them as shown above
Then I don't understand what you want to achieve. If you want to have stuff in the order B D E A C, but you don't know what B D E A C actually is, how are you (or Splunk) supposed to define the correct order? Also, descending order according to what?
actaully we will not be knowing this information.after excuting the query we will be getting the values for the fields A,B,C,D,E and i need to arrange them in descending order..