Splunk® Cloud Services

SPL2 Search Reference

sort command examples

The following are examples for using the SPL2 sort command. To learn more about the sort command, see How the SPL2 sort command works.

1. Specify different sort orders for each field

This example sorts the results first by the lastname field in ascending order and then by the firstname field in descending order. Because ascending is the default sort order, you don't need to specify it unless you want to be explicit.

... | sort lastname, -firstname

2. Specify the number of sorted results to return

This example sorts the results and returns a maximum of 100 of the sorted results. The results are sorted first by the size field in descending order. If there are duplicate values in the size field, the results are sorted by the source field in ascending order.

... | sort 100 -size, +source

3. Use the sort options to specify field types

Sort the results by the ipaddress field in ascending order and then sort by the url field in descending order.

... | sort ip(ipaddress), -str(url)

See also

sort command
sort command overview
sort command syntax details
sort command usage
Last modified on 31 January, 2024
sort command usage   spl1 command overview

This documentation applies to the following versions of Splunk® Cloud Services: current

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters