Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Report not displayed using summary index

mike7860
Explorer
‎11-26-2012 10:51 AM

I am able to generate events using summary indexing. In the search app I type in index=_internal search_name="index usage". The results displays the events, but actually the results that I have saved and scheduled search using summary index is in the form of a table report. Why isn't the table report getting generated? The event logs get displayed but i need the original saved report displayed.

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎11-26-2012 11:07 AM

Assume you created the summary index with the a saved search named "index usage" that looks like this:

yoursearchhere | sistats count by fx fy fz

You should not be saving your search results in the _internal index!! They should be saved in a summary index; there is a default summary index, named summary. A Splunk admin can create other summary indexes, but I will use summary for this example.

Then you retrieve the results with this search:

index=summary search_name="index usage" | stats count by fx fy fz

Note that this search ends with the same command as the first search, but substituting the stats command for the sistats.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...