Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Summary Index Setup, Now How to Load Old Data?

aferone
Builder
‎02-22-2013 08:25 AM

I am using the following query to load firewall data into a summary index I've created:

host="aegis1.grc.nasa.gov" | sitop policy_id

This query runs every 5 minutes and it working well.

However, now, I want to be able to "backfill" data into this summary index, using past firewall data. How is this done? I tried scheduling the query from the beginning of the year, but I'm not sure if it worked.

Any ideas?

Thanks!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aferone
Builder
‎02-22-2013 08:47 AM

OK, I've just discovered the fill_summary_index.py script! 🙂

http://docs.splunk.com/Documentation/Splunk/4.1.5/Knowledge/Managesummaryindexgapsandoverlaps#Use_th...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aferone
Builder
‎02-22-2013 08:47 AM

OK, I've just discovered the fill_summary_index.py script! 🙂

http://docs.splunk.com/Documentation/Splunk/4.1.5/Knowledge/Managesummaryindexgapsandoverlaps#Use_th...

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...