Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Did folderize stop working?

ualbanytech
Path Finder
‎04-22-2011 03:02 PM

I had an old Splunk saved search from several versions ago which successfully used folderize.

However, when I ran it recently under Splunk 4.1.6 it seems to run but, finally returns the error:

[SimpleResultsTable module] Server reported HTTP status=400 while getting mode=results Error in 'folderize' command: Folderize requires an 'attr' value.

Here is my search:

 index=uad-ps sourcetype="access_combined_rsptime" | stats count(uri) by uri | folderize size=count(uri) attr=uri   sep="/"

The example in the Splunk docu. also fails with same error. Here is that search:

| metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d

I swear my search was working when I saved it.
Should I submit a bug report?

Tags (2)
Reply

MuS
SplunkTrust
SplunkTrust
‎07-28-2015 07:47 PM

Hi ualbanytech,

you probably should have done so. Meanwhile we arrived at Splunk verison 6.2.4 and folderize works again.
Running your last example | metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d will give you this result:

alt text

cheers, MuS

Preview file
44 KB
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...