Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?What Charts are Most Useful when using a tools like PowerBI?Power Query (M) Script in PowerBI for Log AnalysisHow do I parse an Agent Log in PowerBI?How can I detect duplicate log entries in PowerBI?How do I compare two log files in PowerBI?How do I compare timestamps across files?What if timestamps are missing from my Spirion Logs?How should I handle null rows?Example of a Power Query Script in PowerBIHow do I sort Logs Chronologically in PowerBI?How do I handle mixed timestamp formats in PowerBI?
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

How do I sort Logs Chronologically in PowerBI?

To sort Spirion logs chronologically in Power BI, you must move beyond simple alphabetical sorting (which fails because IDF.log.10 often comes before IDF.log.2) and use a True Timestamp Sort.

Here is the step-by-step process to ensure your logs appear in the exact order they occurred:

1. Convert to "Date/Time" Data Type

Power BI cannot chronologically sort "Text." If your timestamp column has a small calendar icon next to it, it is ready. If it has an "ABC" icon, it is being treated as text.

  • In Power Query: Right-click your Timestamp column > Change Type > Date/Time.
  • Why: Text sorting puts "10:00 AM" before "2:00 PM," but it also puts "01/01/2024" before "12/31/2023" regardless of the year. Date/Time type understands the actual passage of time.

2. Use the "Sort Ascending" Feature

Once the data type is correct, the sort is simple:

  • In the Data View: Click the dropdown arrow on the header of your Timestamp column and select Sort Ascending.
  • In a Table Visual: Click the column header for Timestamp until the small arrow points upward.

3. The "Tie-Breaker": Adding an Index Column

Spirion agents can generate multiple log entries in the same second (e.g., during a high-speed file scan). If two rows have the exact same timestamp, Power BI might "jumble" their order.

  • The Fix: In Power Query, go to Add Column > Index Column (from 1).
  • The Logic:
    1. Sort by Timestamp (Ascending).
    2. Hold Shift and click the Index column to add a secondary sort.
  • Result: This ensures that even if 10 lines happen at 12:01:05 PM, they stay in the exact order the agent wrote them to the file.

4. Handling Rotated Logs (The "Name" Trap)

If you are looking at IDF.log, IDF.log.1, and IDF.log.2, Power BI's default "Folder" view will sort them alphabetically. This is the opposite of chronological order (since .log.2 is older than .log).

  • The Fix: Ignore the filename. Once you have parsed the timestamps from inside the files, the filename no longer matters for sorting. Sorting by the internal Timestamp column will automatically "re-stitch" the files into one continuous timeline.

5. Sorting in Visuals (Charts)

If your Line Chart looks "zig-zagged" or out of order:

  1. Click the three dots (...) in the top right corner of the visual.
  2. Select Sort axis.
  3. Choose your Timestamp column (not "Count of Message").
  4. Select Sort ascending.

Troubleshooting: "My logs are still out of order!"

If the logs still look wrong, check for these two common Spirion log issues:

  • Timezone Drift: If you are comparing logs from a Server in New York and an Agent in London, the London logs will appear 5 hours "ahead." You must normalize them to a single timezone (like UTC) in Power Query before sorting.
  • System Clock Changes: If a server's clock was manually adjusted during a scan, the logs will physically overlap. In this case, the Index Column is your only way to see the "true" sequence of how the agent experienced the events.

Summary: Ensure your timestamp is set to the Date/Time data type, then apply an Ascending Sort. For perfect accuracy, add an Index Column to act as a tie-breaker for events that occur in the same second.

Was this article helpful?

Powered by Product Fruits