Solved: License Percentage Used Saved Search returning odd...

wwhitener · ‎11-29-2011

Greetings,

I have a saved search:

index=_internal sourcetype=splunkd Metrics "group=per_host_thruput" | stats sum(kb) AS Totalkb | Eval GB=round(Totalkb/1048576,2) | eval percent=round(GB/.5 * 100) | TABLE percent

This is tied to the custom time range -24h@d -- to hopefully snap it so that I get the past 24 hours up to 000 hours this morning.

I saved this little query and tried to run it from the command line. I was expecting a single value, but instead got:

Preview of: | savedsearch Percent_Used

percent

------

74

Preview of: | savedsearch Percent_Used

percent

-------

84

percent

-------

2148

I've never seen the previews before upgrading to 4.2.2. I really only need the last value--not the "previews". Is there a way to turn this off with 4.2.2?

Thank you!

wwhitener · ‎11-30-2011

http://splunk-base.splunk.com/answers/8288/where-is-the-option-to-disable-preview-at-cant-find-it-an... has some good information on this. I ended up going to the search and clicking on the results and found this checkbox.

View solution in original post

wwhitener · ‎11-30-2011

http://splunk-base.splunk.com/answers/8288/where-is-the-option-to-disable-preview-at-cant-find-it-an... has some good information on this. I ended up going to the search and clicking on the results and found this checkbox.

wwhitener · ‎12-05-2011

This more or less answered my question--how to get rid of the Preview. I'm marking it as answered.

License Percentage Used Saved Search returning odd values

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk