Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Summary Indexing Not Updating

IRHM73
Motivator
‎07-18-2019 12:03 AM

Hi, I wonder if someone could help me please.

We're using Enterprise V6.5.7 and we have issues in updating summary indexes using both the 'fill summary' command and scheduled searches (via cron jobs).

The jobs are shown as being run successfully but, the data is not being ingested into the Summary Index, and this is affecting multiple Summary Indexes.

However, when we run the same search in the UI using the 'collect' command, an example of which is:

collect index=summary_dg_allcode marker="report=CoDE2019Data"

The data is ingested correctly into the Summary Index.

I appreciate that the details are sketchy, basically I'm not even sure where to start looking, but I just wondered whether someone may be able to offer some guidance if they've experienced similar issues, and how they've resolved this, and /or whether they can suggest areas to look into, in greater depth?

Many thanks and kind regards

Chris

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...