Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

what is the difference between "summary index" and alert action "Log Event"?

yutaka1005
Builder
‎03-18-2019 12:47 AM

I think both of these function can output alert's result to index.
Then, is the difference only these?

1. "summary index" is not related to license calculation.(But "Log Event" is related to it.)
2. "Log Event" can output event data to other splunk instance.(But "summary index" can't.)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎03-18-2019 02:48 AM

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎03-18-2019 02:48 AM

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎03-18-2019 05:54 PM

English version of above answer.

The summary index is for summarizing the logs included in the index. Log events are for generating new log events. Log events consume licenses because they capture new logs.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...