sort operator

Sorts the rows of the dataset by one or more columns.

Syntax

| sort by Expression [asc | desc] [, ...]

Arguments

| name | type | description |
| --- | --- | --- |
| expression | expression | A scalar expression by which to sort. The value type must be numeric, date, time or string. |
| asc | string | Sort in ascending order, low to high. |
| desc | string | Sort in descending order, high to low. |

Examples

['sample-http-logs']
| where method == 'GET'
| sort by method

['sample-http-logs']
| sort by _time asc, ['geo.country'] desc

['sample-http-logs']
| sort by _time desc
