Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Summary Indexing Not Updating

IRHM73
Motivator
‎07-18-2019 12:03 AM

Hi, I wonder if someone could help me please.

We're using Enterprise V6.5.7 and we have issues in updating summary indexes using both the 'fill summary' command and scheduled searches (via cron jobs).

The jobs are shown as being run successfully but, the data is not being ingested into the Summary Index, and this is affecting multiple Summary Indexes.

However, when we run the same search in the UI using the 'collect' command, an example of which is:

collect index=summary_dg_allcode marker="report=CoDE2019Data"

The data is ingested correctly into the Summary Index.

I appreciate that the details are sketchy, basically I'm not even sure where to start looking, but I just wondered whether someone may be able to offer some guidance if they've experienced similar issues, and how they've resolved this, and /or whether they can suggest areas to look into, in greater depth?

Many thanks and kind regards

Chris

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...