Getting Data In

Compatible commands with Summary Index- Why aren't stats and chart command working?

Poojitha
Path Finder

Hi All,

I have created a summary index . I am making use of "sistats count by <fields>" to populate all the fields required. And I see those fields as well. 

The issue is - On this index I am trying to use chart command and also stats count(<field>) as test (chart command in one query and stats count in another query) but its not working. There is no results returned. Instead I use stats command and populate data to summary index , both commands are working.

Please let me know why chart and stats command are not working on the summary index that I have created using sistats command . [sichart as well not working]. I am missing some technical information here.

Regards,
PNV

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

I may be wrong as I haven't used sistats, although I have used summary indexes. My interpretation of the documentation is that to retrieve the stats from the summary index created by the sistats command, you have to use the exact same command apart from substituting the sistats with stats. Similarly, for sichart and chart. You cannot mix them. Therefore, the reason you are not getting results from your summary index with chart is because they were put there by sistats (not sichart).

0 Karma
Get Updates on the Splunk Community!

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...

New This Month - SLO Capabilities, APM Advanced Filtering & Usage Analytics Plus ...

More for SLO Management We’re continuing to expand the built-in SLO management experience in Splunk ...

Enterprise Security Content Update (ESCU) | New Releases

In June, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security ...