reverse

The reverse command reverses the display order of the search results. It returns the same results but in the opposite order.

The reverse command processes the entire dataset. If applied directly to millions of records, it consumes significant coordinating node memory resources. Only apply the reverse command to smaller datasets, typically after aggregation operations.

Syntax

The reverse command has the following syntax:

reverse

Example 1: Using basic reverse operation

The following query reverses the order of all documents in the results:

source=otellogs
| fields severityText, `resource.attributes.service.name`
| head 5
| reverse

The query returns the following results:

Example 2: Using the reverse and sort commands

The following query reverses results after sorting by severityNumber in ascending order, effectively implementing descending order:

source=otellogs
| sort severityNumber
| fields severityText, severityNumber
| head 5
| reverse

The query returns the following results:

Example 3: Using the reverse and head commands

The following query uses the reverse command together with the head command to retrieve the last two records from the original result order:

source=otellogs
| reverse
| head 2
| fields severityText, `resource.attributes.service.name`

The query returns the following results:

Example 4: Double reverse

The following query shows that applying reverse twice returns documents in the original order:

source=otellogs
| reverse
| reverse
| fields severityText, `resource.attributes.service.name`
| head 5

The query returns the following results:

Example 5: Using the reverse command with filtering

The following query uses the reverse command with filtering and field selection:

source=otellogs
| where severityText = 'ERROR'
| fields severityText, `resource.attributes.service.name`
| reverse

The query returns the following results: