It's really very simple. Look for this use case: You want to get a report on your dashboard with a summary of the number of errors per host from the last 24 hours. Your report without summary indexing would look like this:

index=yourindex ERROR starthoursago=24 | timechart count(_raw) by host

Now you change your search term like this:

index=yourindex ERROR startminutesago=30 | sitimechart count(_raw) by host

and save this search and select to schedule this search. Choose schedule type basic and run it every 30 minutes (must be equal to the value of startminutesago= in your search). Choose enable summary indexing and type "summary" in the field for the summary index name. This index exists already in your default splunk installation. I used to specify a custom field named «report» with the value of «my_custom_report» or whatever you like to. With this field you are able to find easier your results in the summary index. Now save the search. What will happen now? Every 15 minutes splunk runs the saved search and puts the data needed for the timechart in the summary index. You can now get this data with the following search:

index=summary report=my_custom_report | timechart count(_raw) by host

Use this report now for your dashboard and you will recognize that this report will build much faster.

There is a nice page in the splunk documentation too: http://www.splunk.com/base/Documentation/4.0.8/User/UseSummaryIndexingForIncreasedReportingEfficienc...

Let me know if you have further questions.