Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Collect command not storing to existing index

jamesvz84
Communicator
‎12-09-2014 11:16 AM

I have created an index on the indexer (myindex).

I have a search that pipes to collect so that results are stored in the index "win_snapshot":

index=windows_stats | addinfo | table _time info_min_time Drive server_name avg counter site_name | collect index=win_snapshot addtime=true

However, this does not end up getting stored in the win_snapshot index.

What must I do for the data to be stored in win_snapshot. I have another environment where the exact same query is working, but I cannot find out what the difference is.

The role for my user has visibility into this index on both environments.

0 Karma
Reply

vasanthmss
Motivator
‎12-12-2014 10:46 AM

is it working?

V
0 Karma
Reply

vasanthmss
Motivator
‎12-11-2014 02:30 PM

Hi James,

I faced the same scenario once, Where as the index is not available in search head.(I am not sure why/how this happen).

you will came to know the same by any of the below options,

Option 1: Go to search head Settings-> Data -> Indexes and check your index is available or not.

Option 2:

 1. create a search
 2. schedule it based on your requirement
 3. check the summary indexing check box
 4. you can see the list of indexes available for summary. I guess the index which you are referring will not be available.

In that case you need create a same index in search head that will work.

Give a try.

Cherrs!

V
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...