reverse command overview

The SPL2 reverse command reverses the order of the search results.

Syntax

The required syntax is in bold.

reverse

How the SPL2 reverse command works

The SPL2 reverse command reverses the rows in the search results.

For example, suppose you have a search that calculate aggregate statistics for the magnitudes of earthquakes in and around California. You use statistical functions to calculate the count, minimum, maximum, range (the difference between the min and max), and average magnitudes of the recent earthquakes. You list the values by magnitude type magType.

source=all_month.csv place=*California* | stats count, max(mag), min(mag), range(mag), avg(mag) BY magType

The results look something like this:

magType	count	max(mag)	min(mag)	range(mag)	avg(mag)
H	123	2.8	0.0	2.8	0.549593
MbLg	1	0	0	0	0.0000000
Md	1565	3.2	0.1	3.1	1.056486
Me	2	2.0	1.6	.04	1.800000
Ml	1202	4.3	-0.4	4.7	1.226622
Mw	6	4.9	3.0	1.9	3.650000
ml	10	1.56	0.19	1.37	0.934000

Because the search uses a BY clause, the results are sorted by magnitude type magType.

Notice the last magType value. The default sort order used is Lexicographical sort order, where uppercase letters come before lowercase letters.

If you add the reverse command to the end of the search the rows of the results are reversed.

source=all_month.csv place=*California* | stats count, max(mag), min(mag), range(mag), avg(mag) BY magType | reverse

magType	count	max(mag)	min(mag)	range(mag)	avg(mag)
ml	10	1.56	0.19	1.37	0.934000
Mw	6	4.9	3.0	1.9	3.650000
Ml	1202	4.3	-0.4	4.7	1.226622
Me	2	2.0	1.6	.04	1.800000
Md	1565	3.2	0.1	3.1	1.056486
MbLg	1	0	0	0	0.0000000
H	123	2.8	0.0	2.8	0.549593

Related answers from Splunk Community

reverse command overview

Syntax

How the SPL2 reverse command works

See also

Comments

reverse command overview

Was this topic useful?