Splunk Search

Why is summary index is missing a few indexes in its output?

umsundar2015
Path Finder

Hi,

I am using around 8 indexes to create a summary index. But after creating the summary index, i am seeing the data for only 6 indexes and 2 indexes were missing.

Please help me with reason and steps to rectify. I need to see all the 8 indexes in the output.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

What is you summary index search?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi umsundar2015,
did you write twice this question (see 496099)?
every way, run the search you are using to populate summary index without summarization command and with a filter on the two loss indexes and see is there are events that match your condition, probably you're using a wrong condition.
Bye.
Giuseppe

0 Karma

umsundar2015
Path Finder

thanks Giuseppe

But i have all the index values when i run it without summarization. i mean in normal search format.
But after summarization the index values are missing like index=dem(newly created summary index)

what might be the reason ...

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...