Solved: Count field is showing in the left most column

dzayas · ‎05-29-2019

Anytime I run a search with a transforming command, the count field is populating in the left column. For some reason, Splunk has been doing this for all users and its messing with all of our dashboards. Anyone have a similar issue and a fix?

dzayas · ‎07-17-2019

The fix for this was to comment out the line:

phased_execution_mode = singlethreaded

in limits.conf of Enterprise Security.

View solution in original post

dzayas · ‎07-17-2019

The fix for this was to comment out the line:

phased_execution_mode = singlethreaded

in limits.conf of Enterprise Security.

rajindurbal · ‎05-29-2019

Good Evening @dzayas ,

I am not able to reproduce that error as well. Something you can do to fix that is:
index=fw
| stats count by description
| table description, count

Please let me know if that helps

dzayas · ‎05-30-2019

I have done that but its a simple spot fix. This isn't normal operation for Splunk. Plus, it's messing up all the prebuilt dashboards in Enterprise Security.

jawaharas · ‎05-29-2019

I can't reproduce the issue in Splunk 7.1.1. Which version of Splunk Enterprise you are using?

dzayas · ‎05-30-2019

Splunk Core - 7.2.1
Splunk ES - 5.2.2

ahmadsaadwarrai · ‎05-29-2019

I can't reproduce this issue also on Splunk version 7.2.4.

dzayas · ‎05-30-2019

Splunk Core - 7.2.1
Splunk ES - 5.2.2

jawaharas · ‎05-30-2019

@Dshys,
Can you try Splunk file integrity check and update here if you find any errors?

./splunk validate files

Count field is showing in the left most column

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk