order
Rearranges the field output order of query results. Outputs the specified fields first, then displays the remaining fields in alphabetical order.
Command properties
| Property | Description |
|---|---|
| Command type | Transforming |
| Required permission | None |
| License usage | N/A |
| Parallel execution | Supported |
| Distributed execution | Not supported |
Syntax
Target
FIELD, ...(required)- Field names to specify the output order. List multiple fields separated by commas (
,). The listed fields are output first in the specified order, and unlisted fields are sorted alphabetically.
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 23500 | No field list specified for the order command. | No fields were specified. |
Runtime errors
None
Description
The order command rearranges the field output order when displaying query results. It does not change the record data — it outputs the specified fields first and then displays the remaining fields in alphabetical order.
Unlike the fields command, which selects or excludes specific fields, the order command keeps all fields and only changes the output order.
Examples
-
Output specific fields first
json "[{'src_ip': '192.0.2.1', 'action': 'allow', 'dst_ip': '198.51.100.1', 'bytes': 1024}]" | order src_ip, dst_ip, actionOutputs the
src_ip,dst_ip, andactionfields first in the specified order, followed by the remaining fields (bytes) in alphabetical order. -
Rearrange field order in table query results
table duration=1h WEB_LOGS | order method, status, src_ipPlaces the
method,status, andsrc_ipfields at the front and outputs the remaining fields in alphabetical order.