I'm executing the following search to generate a report with columns sorted chronologically by month:
( ... ) | eval month_num = strftime( _time ,"%m" ) | stats count by date_month | sort - month_num
**date_month** = month field taken from the events' data
Splunk can't still interpret the chronological order of the months.
What am I missing?
Thanks for the help!
↧