Knowledge Management

Summary Index: Why is a search that took less time before taking much longer now?



I am running a saved search(every 5 min) to populate a summary index using collect command.

Now the search on the summary index is taking too much time to give results. Earlier it was not taking as much time.

What could be the reason for this delay in giving results? Ideally search query on summary index should give results quickly right?

When i searched _internal index for errors, i saw error msg "ERROR IndexScopedSearch - STMgr::distinct_apply_terms failed (rc=-33) while scanning for _indextime bounds in bucket".

Is this error related to my issue?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...