About Summary Indexing

christantoy
Path Finder

Good day!

May I ask you guys a favor: can you tell us how we can use summary indexing or how to configure it? I have already seen the document about summary indexing, but I still didn't understand how I can apply the summary indexing to my search.

Thank you in advance, and sorry for my poor English.

Regards
Cris

MuS
SplunkTrust

Hi christantoy

The easiest way is to create a search that suits your needs and save it. Then in Manager » Searches and reports, click your saved search and schedule it, enable summary indexing, and you're done with your first summary index.

Remember that the summary index only contains the data it gets through your saved search, meaning you can only find that data in your summary index and nothing else.

Hope this helps to get you started.

cheers,

MuS

christantoy
Path Finder

OK, got it, but can I ask you again after I do a test for it?

Thanks a lot!

Regards
Cris

MuS
SplunkTrust

This is to limit the search in time, meaning start searching 26 hours ago and stop 2 hours ago from the time when the search started. The cron-like stuff would be if you schedule your search.

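The steps from the replies in this thread (save a search, schedule it, enable summary indexing, limit it to the window from 26 hours ago to 2 hours ago), written as a `savedsearches.conf` stanza. This is an added example, not part of any post in the thread; the stanza name, the source index, the sourcetype and the 02:00 schedule are assumptions.

```ini
# savedsearches.conf (added example; stanza name, index and sourcetype are assumptions)
[summary - web status daily counts]
# Constructed search: replace with the search that suits your needs.
search = index=main sourcetype=access_combined | sistats count by status
# Time window with the same meaning as starthoursago=26 endhoursago=2
dispatch.earliest_time = -26h
dispatch.latest_time = -2h
# Schedule the saved search (cron syntax): once a day at 02:00
enableSched = 1
cron_schedule = 0 2 * * *
# Enable summary indexing and write the results to the default "summary" index
action.summary_index = 1
action.summary_index._name = summary
```

The summarized results can then be read back with a search such as `index=summary search_name="summary - web status daily counts" | stats count by status`, which only returns what the saved search wrote.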

christantoy
Path Finder

Ohh, I see, I see, but I'm still wondering what the use of this search string "starthoursago=26 endhoursago=2" is, or is this the same if I go for the CRON set-up?

Thanks in advance
Cris

MuS
SplunkTrust

Sure, this will work; basically it is the same as I wrote you, just with a bit more explanation around it 🙂

christantoy
Path Finder

Hi MuS

I appreciate your answer, thank you! But is there another way? I have seen this documentation. Please take a look.

http://wiki.splunk.com/Community:Summary_Indexing

What do you think? Will this work?

Thanks in advance

Regards
Cris
