Did folderize stop working?

ualbanytech · ‎04-22-2011

I had an old Splunk saved search from several versions ago which successfully used folderize.

However, when I ran it recently under Splunk 4.1.6 it seems to run but, finally returns the error:

[SimpleResultsTable module] Server reported HTTP status=400 while getting mode=results Error in 'folderize' command: Folderize requires an 'attr' value.

Here is my search:

 index=uad-ps sourcetype="access_combined_rsptime" | stats count(uri) by uri | folderize size=count(uri) attr=uri   sep="/"

The example in the Splunk docu. also fails with same error. Here is that search:

| metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d

I swear my search was working when I saved it.
Should I submit a bug report?

MuS · ‎07-28-2015

Hi ualbanytech,

you probably should have done so. Meanwhile we arrived at Splunk verison 6.2.4 and folderize works again.
Running your last example | metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d will give you this result:

alt text

cheers, MuS

Did folderize stop working?

Index This | What did the zero say to the eight?

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

Now Playing: Splunk Education Summer Learning Premieres

Are you a member of the Splunk Community?

Did folderize stop working?

Index This | What did the zero say to the eight?

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

Now Playing: Splunk Education Summer Learning Premieres