Solved: Splunk Cloud new index does not show in list of su...

vy · ‎06-28-2024

I built a new index intended for storing a report of some very heavily modified and correlated vulnerability data. I figured the only way to get this data to properly math the CIM requirements was through a lot of evals and lookup correlations. After doing all of that I planned on spitting it back into a summary index and have that be part of the Vulnerability data model.

Anyway, I scheduled the report and enabled summary indexing but my new index doesn't show up in the list of index. I noticed a few indexes are missing from the list. And also the filter doesn't even work lol. indexes that are clearly visible in the list do not filter in when you type the name of the index. Very strange.

I'm an admin and I've done this a few times previously. This particular index is just giving me issues. Not sure what I need to do besides delete it and rebuild it.

vy · ‎06-28-2024

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

View solution in original post

vy · ‎06-28-2024

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

Splunk Cloud new index does not show in list of summary indexes for scheduled reports.

kvstore

lookup

summary indexing

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?