1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. Stages Commands Reference
    6. Sort

    Sort

    Cortex XDR XQL sort stage identifies the sort order for records returned in the result set.

    Synopsis

    sort asc|desc <
    field1
    >[, asc|desc <
    field2
    >...]

    Description

    The
    sort
     stage identifies the sort order for records returned in the result set. Records can be returned in ascending (
    asc
    ) or descending (
    desc
    ) order. If you provide more than one field to the
    sort
     stage, records are sorted in field specification order.

    Examples

    Return the
    action_country
     and
    event_timestamp
     fields from all
    xdr_data
     records where the
    action_country
     field is not "-". Sort the result set first by the
    action_country
     field value in descending order, then by
    event_timestamp
     field in ascending order. 
    dataset = xdr_data 
| fields action_country as ac, event_timestamp as et 
| replacenull ac = "N/A" 
| filter ac != "-"
| sort desc ac, asc et

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo