Abstract
Learn more about the Cortex Query Language sort stage that identifies the sort order for records returned in the result set.
Syntax
sort asc|desc <field1>[, asc|desc <field2>...]
Description
The sort stage identifies the sort order for records returned in the result set. Records can be returned in ascending (asc) or descending (desc) order. If you include more than one field in the sort stage, records are sorted in field specification order.
Examples
Return the action_country and event_timestamp fields from all xdr_data records where the action_country field is not "-". Sort the result set first by the action_country field value in descending order, then by event_timestamp field in ascending order.
dataset = xdr_data | fields action_country as ac, event_timestamp as et | replacenull ac = "N/A" | filter ac != "-" | sort desc ac, asc et