topic Backfill summary index without original data? in Knowledge Management https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31380#M284 <P>We used to have a system that aggregated accounting information from some log files and produced daily summaries. We have about 5 years' worth of this summary data.</P> <P>Now we'd like to use Splunk to index the accounting logs and to produce daily summaries in a summary index. However, we'd also like to be able to import all our old summary data into the summary index. The fill_summary_index.py script doesn't help here because the original data is gone. Is there a way to do this?</P> Mon, 28 Sep 2020 09:41:30 GMT alexiri 2020-09-28T09:41:30Z Backfill summary index without original data? https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31380#M284 <P>We used to have a system that aggregated accounting information from some log files and produced daily summaries. We have about 5 years' worth of this summary data.</P> <P>Now we'd like to use Splunk to index the accounting logs and to produce daily summaries in a summary index. However, we'd also like to be able to import all our old summary data into the summary index. The fill_summary_index.py script doesn't help here because the original data is gone. Is there a way to do this?</P> Mon, 28 Sep 2020 09:41:30 GMT https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31380#M284 alexiri 2020-09-28T09:41:30Z Re: Backfill summary index without original data? https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31381#M285 <P>There's nothing special about a "summary index" except that the data it holds is summarized. If you have data that is already summarized you can just stuff it in any index (just create a new one) and use it just like you would any other data (i.e. index=accounting_data | timechart sum(income) by department).</P> Tue, 21 Jun 2011 22:08:51 GMT https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31381#M285 mw 2011-06-21T22:08:51Z Re: Backfill summary index without original data? https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31382#M286 <P>My summary index is built with sistats, so I'm not quite sure of what the internal format is like. Is there any description of it?</P> Wed, 22 Jun 2011 08:45:04 GMT https://community.splunk.com/t5/Knowledge-Management/Backfill-summary-index-without-original-data/m-p/31382#M286 alexiri 2011-06-22T08:45:04Z