Solved: Indexing problem

xiaoyuew · ‎09-01-2011

I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager view. However, after the search is done, i couldn't find the summary. When i typed "index=summary ..." and it showed 0 records.

Can anybody help me to create this index? Thanks.

Damien_Dallimor · ‎09-01-2011

A few things to troubleshoot :

Are you sure the search is returning results ?

Have you "enabled" summary indexing on the scheduled search ?

Are you sure the search is being fired ? What does the time schedule pattern look like(Basic/Cron) ?

View solution in original post

Damien_Dallimor · ‎09-01-2011

A few things to troubleshoot :

Are you sure the search is returning results ?

Have you "enabled" summary indexing on the scheduled search ?

Are you sure the search is being fired ? What does the time schedule pattern look like(Basic/Cron) ?

TISKAR · ‎09-20-2016

Hello,

I have a problem with indexes in Splunk Entreprise .
the problem is that I added a folder contains several files , the Splunk began indexing but at some point it removes all that has indexed(COUNT EVENT=0) , knowing that I have not found this problem in Splunk light.

index characteristic:
range=ALL Time
The Max Size=500GB

index.conf:
[indexTest]
coldPath = $SPLUNK_DB/ffjj/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/indexTest/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/indexTest/thaweddb
disabled = 0

input.conf:
[monitor:///data/splunk/test]
disabled = false
index = indexTest
sourcetype = LICENCIE

Indexing problem

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!