After a moderate amount of experimentation, I found what works, which is that there has to be a comma and a space between the key=value pairs. And if the value contains spaces or commas, it needs to be escape quoted. And the stream should have an | addinfo included for the manual population of the index (backfill):
... | stats count by _time,vpn_action,country_source | addinfo | collect index=mysummary marker="summary_type=vpn, summary_span=3600, summary_method=bucket, search_name=\"vpn starts and stops\""
Using a search of this form gives me fields I can use when I do a search (e.g. search index=mysummary ). The | addinfo ensures that the search results contain fields that specify when the search was run to populate these particular index values. I think that gets added automatically for scheduled searches. But if you're doing a manual search to backfill the index, throw the | addinfo into the stream before the collect.
In the category of "error between keyboard and monitor", I thought I'd tried this before posting a question, but I hadn't (quite). The space after the comma is necessary. I do wonder why space-separated doesn't work, since space separated key=value pairs are automatically parsed at search time for _raw fields otherwise.
... View more