Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

what is the difference between "summary index" and alert action "Log Event"?

yutaka1005
Builder
‎03-18-2019 12:47 AM

I think both of these function can output alert's result to index.
Then, is the difference only these?

1. "summary index" is not related to license calculation.(But "Log Event" is related to it.)
2. "Log Event" can output event data to other splunk instance.(But "summary index" can't.)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎03-18-2019 02:48 AM

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎03-18-2019 02:48 AM

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎03-18-2019 05:54 PM

English version of above answer.

The summary index is for summarizing the logs included in the index. Log events are for generating new log events. Log events consume licenses because they capture new logs.

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...