I am somewhat confused on how to set up my searches to populate my summary index. For example, two of the reports will have similar data but different sort orders:
starthoursago="2" endhoursago="1" eventtype="HAProxy Web Logs" | sistats count, sum(HTTP_HAPROXY_BYTES_SENT) by HTTP_CLIENT_IP | sort by count desc | head 2000
vs
starthoursago="2" endhoursago="1" eventtype="HAProxy Web Logs" | sistats count, sum(HTTP_HAPROXY_BYTES_SENT) by HTTP_CLIENT_IP | sort by sum(HTTP_HAPROXY_BYTES_SENT) | head 2000
Should I somehow be combining these two searches and then running the sorts from search against the summary index?
Yes. There is not much point in sorting the summarized data. You should sort when you retrieve the data from the summary. Summarization is not for saving a report, but rather for saving data.
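
The approach in the answer above, as an added example that is not part of the original thread: the first search populates the summary once per hour with no sort or head, and the other two read it back and sort at retrieval. Assumptions: the default `summary` index, a hypothetical saved-search name `haproxy_client_hourly`, the alias `bytes_sent`, and descending order for both reports.

```spl
starthoursago="2" endhoursago="1" eventtype="HAProxy Web Logs"
| sistats count, sum(HTTP_HAPROXY_BYTES_SENT) by HTTP_CLIENT_IP

index=summary search_name="haproxy_client_hourly"
| stats count, sum(HTTP_HAPROXY_BYTES_SENT) AS bytes_sent by HTTP_CLIENT_IP
| sort - count
| head 2000

index=summary search_name="haproxy_client_hourly"
| stats count, sum(HTTP_HAPROXY_BYTES_SENT) AS bytes_sent by HTTP_CLIENT_IP
| sort - bytes_sent
| head 2000
```

Because the populating search keeps every client IP, both reports aggregate over complete data for whatever time range is selected at retrieval, and the top 2000 cut is applied only after the hourly partial results have been combined.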