Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Did folderize stop working?

ualbanytech
Path Finder
‎04-22-2011 03:02 PM

I had an old Splunk saved search from several versions ago which successfully used folderize.

However, when I ran it recently under Splunk 4.1.6 it seems to run but, finally returns the error:

[SimpleResultsTable module] Server reported HTTP status=400 while getting mode=results Error in 'folderize' command: Folderize requires an 'attr' value.

Here is my search:

 index=uad-ps sourcetype="access_combined_rsptime" | stats count(uri) by uri | folderize size=count(uri) attr=uri   sep="/"

The example in the Splunk docu. also fails with same error. Here is that search:

| metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d

I swear my search was working when I saved it.
Should I submit a bug report?

Tags (2)
Reply

MuS
Legend
‎07-28-2015 07:47 PM

Hi ualbanytech,

you probably should have done so. Meanwhile we arrived at Splunk verison 6.2.4 and folderize works again.
Running your last example | metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d will give you this result:

alt text

cheers, MuS

Preview file
1 KB
Reply
Get Updates on the Splunk Community!

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...