I have followed this guide.
My search is a simple one, just to export errors to another index:
index=index_1 ... level>30
After the scheduled job finished running, the index is empty.
I am a bit confused about when to use the
I have configured the search (report) with the summary index, but nothing happened...
What am I doing wrong?
Did you "Set up summary index searches in Splunk Web", as documented on "Use summary indexing for increased reporting efficiency"?
Or you can use the collect command in the search. I use the above via Splunk Web as per the docs...