Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Report not displayed using summary index

mike7860
Explorer
‎11-26-2012 10:51 AM

I am able to generate events using summary indexing. In the search app I type in index=_internal search_name="index usage". The results displays the events, but actually the results that I have saved and scheduled search using summary index is in the form of a table report. Why isn't the table report getting generated? The event logs get displayed but i need the original saved report displayed.

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎11-26-2012 11:07 AM

Assume you created the summary index with the a saved search named "index usage" that looks like this:

yoursearchhere | sistats count by fx fy fz

You should not be saving your search results in the _internal index!! They should be saved in a summary index; there is a default summary index, named summary. A Splunk admin can create other summary indexes, but I will use summary for this example.

Then you retrieve the results with this search:

index=summary search_name="index usage" | stats count by fx fy fz

Note that this search ends with the same command as the first search, but substituting the stats command for the sistats.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...