Splunk Enterprise Security

Count field is showing in the left most column

dzayas
Explorer

Anytime I run a search with a transforming command, the count field is populating in the left column. For some reason, Splunk has been doing this for all users and its messing with all of our dashboards. Anyone have a similar issue and a fix?

alt text

alt text

0 Karma
1 Solution

dzayas
Explorer

The fix for this was to comment out the line:

phased_execution_mode = singlethreaded

in limits.conf of Enterprise Security.

View solution in original post

0 Karma

dzayas
Explorer

The fix for this was to comment out the line:

phased_execution_mode = singlethreaded

in limits.conf of Enterprise Security.

0 Karma

rajindurbal
Path Finder

Good Evening @dzayas ,

I am not able to reproduce that error as well. Something you can do to fix that is:
index=fw
| stats count by description
| table description, count

Please let me know if that helps

0 Karma

dzayas
Explorer

I have done that but its a simple spot fix. This isn't normal operation for Splunk. Plus, it's messing up all the prebuilt dashboards in Enterprise Security.

0 Karma

jawaharas
Motivator

I can't reproduce the issue in Splunk 7.1.1. Which version of Splunk Enterprise you are using?

0 Karma

dzayas
Explorer

Splunk Core - 7.2.1
Splunk ES - 5.2.2

0 Karma

ahmadsaadwarrai
Explorer

I can't reproduce this issue also on Splunk version 7.2.4.

0 Karma

dzayas
Explorer

Splunk Core - 7.2.1
Splunk ES - 5.2.2

0 Karma

jawaharas
Motivator

@Dshys,
Can you try Splunk file integrity check and update here if you find any errors?

./splunk validate files

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...