Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Did folderize stop working?

ualbanytech
Path Finder
‎04-22-2011 03:02 PM

I had an old Splunk saved search from several versions ago which successfully used folderize.

However, when I ran it recently under Splunk 4.1.6 it seems to run but, finally returns the error:

[SimpleResultsTable module] Server reported HTTP status=400 while getting mode=results Error in 'folderize' command: Folderize requires an 'attr' value.

Here is my search:

 index=uad-ps sourcetype="access_combined_rsptime" | stats count(uri) by uri | folderize size=count(uri) attr=uri   sep="/"

The example in the Splunk docu. also fails with same error. Here is that search:

| metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d

I swear my search was working when I saved it.
Should I submit a bug report?

Tags (2)
Reply

MuS
Legend
‎07-28-2015 07:47 PM

Hi ualbanytech,

you probably should have done so. Meanwhile we arrived at Splunk verison 6.2.4 and folderize works again.
Running your last example | metadata type=sources | folderize maxfolders=20 attr=source sep="/"| sort totalCount d will give you this result:

alt text

cheers, MuS

capture.png
Preview file
44 KB
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top