sort command overview
The SPL2 sort command sorts all of the results by the specified fields. Results missing a given field are treated as having the smallest possible value of that field if descending or largest possible value of that field if ascending.
Syntax
The required syntax is in bold.
- sort
- [<count>]
- [<sort-order>]
- [<sort-option>]
- <field>
How the SPL2 sort command works
The SPL2 sort command is most often used at the end of your search, either as the last command or the next to the last command.
Here is an example of some data returned by a search:
| supplier_id | supplier_name | city | state/province | country |
|---|---|---|---|---|
| 5007 | EuroToys | Prague | Central Bohemia | Czech Republic |
| 1009 | Mile High Games | Denver | Colorado | United States |
| 7024 | Happy Fun Games | Kyoto | Kyoto | Japan |
| 1237 | Area 51 Games | Roswell | New Mexico | United States |
| 4111 | Isthmus Pastimes | Panama City | Panama | Panama |
| 5017 | Der Kriegsspiel | Cologne | North Rhine-Westphalia | Germany |
| 7045 | Kiwi Game Warehouse | Auckland | Auckland | New Zealand |
| 1080 | EuroToys | Dublin | Ireland |
You want to sort the data type supplier ID:
... | sort supplier_id
The results look like this:
| supplier_id | supplier_name | city | state/province | country |
|---|---|---|---|---|
| 1009 | Mile High Games | Denver | Colorado | United States |
| 1080 | EuroToys | Dublin | Ireland | |
| 1237 | Area 51 Games | Roswell | New Mexico | United States |
| 4111 | Isthmus Pastimes | Panama City | Panama | Panama |
| 5007 | EuroToys | Prague | Central Bohemia | Czech Republic |
| 5017 | Der Kriegsspiel | Cologne | North Rhine-Westphalia | Germany |
| 7024 | Happy Fun Games | Kyoto | Kyoto | Japan |
| 7045 | Kiwi Game Warehouse | Auckland | Auckland | New Zealand |
To sort by Supplier Name and then Supplier ID, specify a comma between the field names when you add the sort command to your search:
... | sort supplier_name, supplier_id
The results look like this:
| supplier_id | supplier_name | city | state/province | country |
|---|---|---|---|---|
| 1237 | Area 51 Games | Roswell | New Mexico | United States |
| 5017 | Der Kriegsspiel | Cologne | North Rhine-Westphalia | Germany |
| 1080 | EuroToys | Dublin | Ireland | |
| 5007 | EuroToys | Prague | Central Bohemia | Czech Republic |
| 7024 | Happy Fun Games | Kyoto | Kyoto | Japan |
| 4111 | Isthmus Pastimes | Panama City | Panama | Panama |
| 7045 | Kiwi Game Warehouse | Auckland | Auckland | New Zealand |
| 1009 | Mile High Games | Denver | Colorado | United States |
Notice that both of the EuroToys suppliers are listed together and that those are in ascending order. The default sort order is ascending order. To specify descending order, add a minus ( - ) sign before the field name.
To learn how alphanumeric strings and punctuation are sorted, see sort command usage.
See also
- Related information in the SPL2 Search Manual
- Commands that sort results
- Lexicographical order
| search command examples | sort command syntax details |
This documentation applies to the following versions of Splunk® Cloud Services: current
Download manual
Feedback submitted, thanks!