Hello, since 2018 our application has been logging to Azure Storage, in a single container, with "folders" broken down as: /Year2018/Month04/Day12/Hour15/Minute20/Subscription123/User/456/logtype.log   My goal is to pull these logs (json) into Splunk, and so I've set up the Add-On and begun ingesting data... but it kept stopping at 2018... never getting to 20(19/20/21/22).  Investigating why, after quite a bit of tinkering around, I found some internal logs that indicated  The number of blobs in container [containername] is 5000  Which... upon further research... is the maximum number of records returned without hitting a movenext marker because of forced paging with the API. So... I mean I can go edit the python script myself... but is there another way/better way to do this or is a fix for this already in the works?  And, if not and I make the change... is there a github or something I can submit the change to? ... View more

Is there by chance a way to set Splunk in a "Developer Mode" so all changes you make in the UI happen at the default folder instead of the user/local folder? A bit of an annoying step when doing development to have to go copy them out when it's time to build the deployment version of an app. ... View more

So... I have a weird one I can't seem to find much info on. I want to use the per_second() command, but i want a sum of it's results. The real scenario is complicated but for simplification lets say we have csv data that returns: _time,feet,name ###,100,steve ###,70,bob ###,200,steve ###,120,bob and i want to know the feet per second, by name. timechart per_second(feet) as Fps by name no problem. makes a nice chart of feet per second, by name, for each time tick. but what i want is a table, that shows a sum of: Name Fps ------------ Bob 23 Steve 42 (numbers in that example made up) when i try to do: timechart per_second(feet) as Fps by name | stats sum(FPS) by Name i get zilch. ... View more

A much more simple version of this question... but along the same lines. All over the google results for this people keep redirecting the questions with "don't use HTML, use a table module" when that's not what was asked... though the people ARE putting stuff in tables the HTML they're requesting help with, it's really not much of an answer for the next person coming along. In my case I'm not making a table... but making a table IS a good simple example of what I DO want and a legit answer to those question would have been very helpful. I have a search that returns a single tabled column. A list. I want that list displayed horizontally, comma separated. So my search is, for example: index="smurf_village" | table smurf_name | dedup smurf_name Which produces: smurf_name ------------------- grumpy sleepy clumsy papa And what I want is: <div>The Smurf Names are: grumpy, sleepy, clumsy, papa</div> And I'm at a standstill because it seems like an impossibility with Splunk to do this in a reasonable way... Tried some javascript, but you can't enumerate the results that way... is $results[0]$, or any known quantity, really all that it's good for? ... View more