sort command syntax details
Syntax
The required syntax is in bold.
sort [<count>] [<sort-order>] [<sort-option>] <field>
Required arguments
- <field>
- Syntax: <field> [,<field>]...
- Description: One or more fields to sort by. When specifying more than one field, separate the field names with commas.
Optional arguments
- count
- Syntax: <integer>
- Description: Specify the maximum number of results to return from the sorted results. You must specify the count before specifying the fields. If no count is specified, the default limit of 10000 is used. If 0 is specified, all of the results are returned.
- Default: 10000
Using sort 0 might have a negative impact on performance, depending on how many results are returned. Try to filter the results to minimize the number of results before using the sort command.
- <sort-order>
- Syntax: + | -
- Description: Use a minus sign ( - ) for descending order and a plus sign ( + ) for ascending order.
- Default: Ascending ( + )
- <sort-option>
- Syntax: auto | ip | num | str
- Description: Options you can specify with <field>. The default sort option is auto. See sort command examples.
| sort option | Description |
| --- | --- |
| auto | Determine the type of field value automatically. This is the default sort option. |
| ip | Interpret the values of the field as IP addresses. |
| num | Interpret the values of the field as numbers. |
| str | Interpret the values of the field as strings and order the values alphabetically. |
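The following added example (not Splunk's code, and not from the original page) models in Python the ordering that the str, num and ip sort options describe and the effect of count, to show why IP addresses and numeric strings should not be left to string ordering. The function names, the field names src_ip and bytes, and the sample events are assumptions constructed for illustration; auto is left out because the page does not define how the type is detected.

```python
import ipaddress

DEFAULT_COUNT = 10000  # documented default when no count is given

def _key(option):
    # Illustrative mapping of each documented sort option to a Python sort key.
    if option == "ip":
        return lambda v: int(ipaddress.ip_address(v))
    if option == "num":
        return float
    if option == "str":
        return str
    raise ValueError(f"unsupported sort option: {option}")

def sort_results(rows, field, option="str", order="+", count=DEFAULT_COUNT):
    """Model of: sort [<count>] [<sort-order>] [<sort-option>] <field>"""
    if order not in ("+", "-"):
        raise ValueError("sort order must be '+' or '-'")
    if count < 0:
        raise ValueError("count must be 0 (all results) or a positive integer")
    key = _key(option)
    ordered = sorted(rows, key=lambda r: key(r[field]), reverse=(order == "-"))
    # count 0 returns everything; any other count truncates the sorted output.
    return ordered if count == 0 else ordered[:count]

def column(rows, field):
    return [r[field] for r in rows]

# Constructed sample events; src_ip and bytes are hypothetical field names.
EVENTS = [
    {"src_ip": "10.0.0.10", "bytes": "900"},
    {"src_ip": "10.0.0.2", "bytes": "12000"},
    {"src_ip": "9.255.0.1", "bytes": "75"},
    {"src_ip": "192.168.1.5", "bytes": "1000"},
]

if __name__ == "__main__":
    print("str:", column(sort_results(EVENTS, "src_ip", "str"), "src_ip"))
    print("ip: ", column(sort_results(EVENTS, "src_ip", "ip"), "src_ip"))
    print("top 2 by bytes:", column(sort_results(EVENTS, "bytes", "num", "-", 2), "bytes"))
    # 10,001 constructed rows: the default count silently drops the last one.
    many = [{"n": str(i)} for i in range(10001)]
    print(len(sort_results(many, "n", "num")), len(sort_results(many, "n", "num", count=0)))
```

When a sorted result set feeds a report or detection, an unstated count means anything past the first 10000 results is dropped from the output.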
See also
- sort command
- sort command overview
- sort command usage
- sort command examples
This documentation applies to the following versions of Splunk® Cloud Services: current