Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I schedule a report with summary index enabled?

joachimroshan
New Member
‎03-31-2020 01:46 PM

I have created a scheduled search for the below query with the summary index enabled. When I open the link from the email generated, I get this response in Splunk:
"There are no results because the first scheduled run of the report has not completed."

I have scheduled the search to run for the last 30 days with a frequency of 1 hour.
Am I doing something incorrectly here? The Splunk version is 7.2.0

sourcetype="pcf:Log" AND cf_space_name=perf AND cf_org_name=* | timechart span=1h dc(span_id) by cf_org_name usenull=f useother=f limit=10
Labels (2)
0 Karma
Reply

akocak
Contributor
‎04-07-2020 12:44 PM

I think one solution could be , First, disable summary indexing from this scheduled search, and create a new scheduled search that runs after this search and works for summary indexing:

| savedsearch "timechart search scheduled" | sistats dc(span_id) by cf_org_name

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...