Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I know the title of my system index

aohls
Contributor
‎07-18-2019 11:29 AM

I have read through the documentation and still feel that I am missing something with creating an index summary. I want to use sistats and have my data setup how I want it to generate the index summary. How would I know what the summary is named or how do I generate an index summary for where my data will get stored. I might have missed a key point but I done see how if I use sistats I know how to reference my data.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-18-2019 01:07 PM

a summary index is just like any other index
for creating, setting, and all other purposes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-18-2019 01:07 PM

a summary index is just like any other index
for creating, setting, and all other purposes

0 Karma
Reply
Solved! Jump to solution

aohls
Contributor
‎07-19-2019 05:57 AM

So at the end of the search if I have sistats. How would I then search that index? I might need to read up on indexing more but I am looking to speed searching the data. Using sistats seems that it would allow me to search just that data but I am not sure how I would then search it after. Is it more of a behind the scenes item where my search will simply be faste?

0 Karma
Reply
Solved! Jump to solution

aohls
Contributor
‎07-19-2019 07:44 AM

@adonio thank you. I checked these before and it clicked better this time. Will this persist data also? We have about a 3 month limit. I am creating a manual dataset to persist for a longer timerange. Do indexes keep data longer also or only accelerate reporting?

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎07-19-2019 07:56 AM

you can set index to whatever retention period you want
retention is limited by either time or size, whatever comes first

0 Karma
Reply
Solved! Jump to solution

aohls
Contributor
‎07-19-2019 08:56 AM

This makes a lot more sense thank you. I think half the confusion has come from me not having the access to create an index.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...