reverse command: Overview, syntax, and usage
The SPL2 reverse command reverses the order of the search results.
Use these links to quickly navigate to the main sections in this topic:
How the SPL2 reverse command works
The SPL2 reverse command reverses the rows in the search results.
For example, suppose you have a search that calculate aggregate statistics for the magnitudes of earthquakes in and around California. You use statistical functions to calculate the count, minimum, maximum, range (the difference between the min and max), and average magnitudes of the recent earthquakes. You list the values by magnitude type magType.
source=all_month.csv place=*California* | stats count, max(mag), min(mag), range(mag), avg(mag) BY magType
The results look something like this:
| magType | count | max(mag) | min(mag) | range(mag) | avg(mag) |
|---|---|---|---|---|---|
| H | 123 | 2.8 | 0.0 | 2.8 | 0.549593 |
| MbLg | 1 | 0 | 0 | 0 | 0.0000000 |
| Md | 1565 | 3.2 | 0.1 | 3.1 | 1.056486 |
| Me | 2 | 2.0 | 1.6 | .04 | 1.800000 |
| Ml | 1202 | 4.3 | -0.4 | 4.7 | 1.226622 |
| Mw | 6 | 4.9 | 3.0 | 1.9 | 3.650000 |
| ml | 10 | 1.56 | 0.19 | 1.37 | 0.934000 |
Because the search uses a BY clause, the results are sorted by magnitude type magType.
Notice the last magType value. The default sort order used is Lexicographical sort order, where uppercase letters come before lowercase letters.
If you add the reverse command to the end of the search the rows of the results are reversed.
source=all_month.csv place=*California* | stats count, max(mag), min(mag), range(mag), avg(mag) BY magType | reverse
| magType | count | max(mag) | min(mag) | range(mag) | avg(mag) |
|---|---|---|---|---|---|
| ml | 10 | 1.56 | 0.19 | 1.37 | 0.934000 |
| Mw | 6 | 4.9 | 3.0 | 1.9 | 3.650000 |
| Ml | 1202 | 4.3 | -0.4 | 4.7 | 1.226622 |
| Me | 2 | 2.0 | 1.6 | .04 | 1.800000 |
| Md | 1565 | 3.2 | 0.1 | 3.1 | 1.056486 |
| MbLg | 1 | 0 | 0 | 0 | 0.0000000 |
| H | 123 | 2.8 | 0.0 | 2.8 | 0.549593 |
Syntax
The required syntax is in bold.
- reverse
Required arguments
- reverse
- Syntax: reverse
- Description: Specifies to reverse the order of the rows in the search results.
Usage
The reverse command does not affect which events are returned by the search, only the order in which the results are displayed.
Very large result sets
Using the reverse command on very large search result sets might result in the search being prematurely cancelled. Very large search result sets, such as sets with millions of results or more, can consume a vast quantity of processing resources.
To avoid this issue, try to reduce the number of results returned before you use the reverse command.
Use sort to order results by a specific field
The reverse command reverses the order of the rows in your search results. The reverse command does not change the order of the rows based on the values in a particular field.
The sort command sorts the search results based on the values in the field you specify. Use the sort command if you want to change the order of the search results based on a particular field.
Multivalue fields
If the results contain a multivalue field, the results in that field remain unchanged. The reverse command does not impact the order of the values in the multivalue field.
See also
- reverse command
- reverse command: Examples
| rename command: Examples | reverse command: Examples |
This documentation applies to the following versions of Splunk® Cloud Services: current
Download manual
Feedback submitted, thanks!