Can you set sort field and sort order via the query? By default it sorts descending by timestamp and descending sort is a ridiculous default. Viewing the ES query I see it does:
“sort”: [
{
“timestamp”: {
“order”: “desc”
}
}
]
I want to change order to “asc”. I have tried something like this:
“SORT timestamp ASC” at the end of my query, but it does nothing.
he @joecrocker
you can’t define that in the query - but when you are in the UI of Graylog you can sort by timestamp when you click on the icon next to the title.
If that is not what you are looking for, please be a little more specific about your goal and why you want to change sorting.
Yeah, I knew I could sort by timestamp with the icon. I was hoping I could do it via the query so I wouldn’t have to always go to the mouse and hit the icon. Is there a way to change the default sort then? Descending by timestamp seems silly, why would someone want to see log entries in reverse order? I need to see logs in the order they occured.
he @joecrocker
currently no way available to change that behaviour in Graylog. You would need to create a feature request in Graylog Github repository for that feature.
Jan
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
