Collect command not storing to existing index

jamesvz84 · ‎12-09-2014

I have created an index on the indexer (myindex).

I have a search that pipes to collect so that results are stored in the index "win_snapshot":

index=windows_stats | addinfo | table _time info_min_time Drive server_name avg counter site_name | collect index=win_snapshot addtime=true

However, this does not end up getting stored in the win_snapshot index.

What must I do for the data to be stored in win_snapshot. I have another environment where the exact same query is working, but I cannot find out what the difference is.

The role for my user has visibility into this index on both environments.

vasanthmss · ‎12-12-2014

is it working?

V

vasanthmss · ‎12-11-2014

Hi James,

I faced the same scenario once, Where as the index is not available in search head.(I am not sure why/how this happen).

you will came to know the same by any of the below options,

Option 1: Go to search head Settings-> Data -> Indexes and check your index is available or not.

Option 2:

 1. create a search
 2. schedule it based on your requirement
 3. check the summary indexing check box
 4. you can see the list of indexes available for summary. I guess the index which you are referring will not be available.

In that case you need create a same index in search head that will work.

Give a try.

Cherrs!

V

Collect command not storing to existing index

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor