sort

Sorts records according to a specified sequence and order.

Syntax

sort [limit=INT] [-]FIELD, ... [by PARTITION_FIELD, ...]
Required Parameters
[-]FIELD, ...
Sort fields and order in which to sort the input data set, separated by a comma (,). The default order of the field is ascending order. To sort in descending order, prefix the name with a minus symbol().
Optional Parameters
limit=INT
Number of records to return from the sorted results (default: unlimited).
by PRTITION_FIELD, ...
After partitioning based on the value of the partition field, you can sort records by partition. If you use the limit option with the by clause, the command returns top n records from each partition.

Usage

  1. Return the top 10 records in descending order based on the count field.

    sort limit=10 -count
    
  2. Return the top 10 records in descending order based on the bytes and pkts fields.

    sort limt=10 -bytes, -pkts
    
  3. Return the top 10 records in descending order based on the bytes and pkts fields for each src and dst.

    sort limt=10 -bytes, -pkts by src, dst