Archive

summary index not working

Path Finder

I have created a query

index="xxx" source="xxxxxx"|dedup dn|sistats count

scheduled this hourly

I could not find any data with
index=summary search_name="my schedule report name"

could not understand what went wrong, can anybody please help

Thank you
AB

Tags (1)
0 Karma
1 Solution

Path Finder

changed the value of
action.summary_index to 1 in savedsearches.conf and then restared SPLUNK

it is working now

View solution in original post

0 Karma

Path Finder

changed the value of
action.summary_index to 1 in savedsearches.conf and then restared SPLUNK

it is working now

View solution in original post

0 Karma

Champion

Can you share the contents of savedsearches.conf that shows the full configuration for your summary indexing search?

0 Karma

Path Finder

Thank you... forgot completely about savedsearches.conf.... working now ...

0 Karma