Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Collect command not storing to existing index

jamesvz84
Communicator
‎12-09-2014 11:16 AM

I have created an index on the indexer (myindex).

I have a search that pipes to collect so that results are stored in the index "win_snapshot":

index=windows_stats | addinfo | table _time info_min_time Drive server_name avg counter site_name | collect index=win_snapshot addtime=true

However, this does not end up getting stored in the win_snapshot index.

What must I do for the data to be stored in win_snapshot. I have another environment where the exact same query is working, but I cannot find out what the difference is.

The role for my user has visibility into this index on both environments.

0 Karma
Reply

vasanthmss
Motivator
‎12-12-2014 10:46 AM

is it working?

V
0 Karma
Reply

vasanthmss
Motivator
‎12-11-2014 02:30 PM

Hi James,

I faced the same scenario once, Where as the index is not available in search head.(I am not sure why/how this happen).

you will came to know the same by any of the below options,

Option 1: Go to search head Settings-> Data -> Indexes and check your index is available or not.

Option 2:

 1. create a search
 2. schedule it based on your requirement
 3. check the summary indexing check box
 4. you can see the list of indexes available for summary. I guess the index which you are referring will not be available.

In that case you need create a same index in search head that will work.

Give a try.

Cherrs!

V
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...