Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Summary Index : Results not generated

mike7860
Explorer
‎11-26-2012 07:16 AM

I saved and scheduled a search by the name index usage. I am trying to use summary indexing but cannot get the results displayed. I have selected the default index as summary.

In in order to test the summary indexing performance, i am using the following search

index=summary search_name="index usage". The screen displayes no matching data.

If this information is useful, I have tried to schedule the search at evry 9:00 a.m.

Your help is highly recommended as I have been working on this issue for the past two weeks and still unable to resolve the issue.

Tags (1)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎11-26-2012 09:40 AM
  • look at all your summary searches results with index=summary | stats count by search_name
  • try with underscore instead of spaces index=summary search_name="index_usage"
  • double check that you have permission to search on other indexes
  • look in other indexes index=* search_name="index*usage"

If you do not find any results :

  • test the search manually (to see the results)
  • check that the search ran a least one in the scheduler index=_internal source=*scheduler.log* "index*usage"
  • check for files stuck in the spooler $SPLUNK_HOME/var/run/spool/splunk (temporary csv files of the results ready to be indexed to the summary index, if they are not deleted after indexing, then they were not indexed.)
  • check that you can actually index things (in case of complex forwarding setup)
Reply

jonuwz
Influencer
‎11-26-2012 07:58 AM

Can you post the search that populates the summary index?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...