Summary Index: Why is a search that took less time...

Knowledge Management

Hello,

I am running a saved search(every 5 min) to populate a summary index using collect command.

Now the search on the summary index is taking too much time to give results. Earlier it was not taking as much time.

What could be the reason for this delay in giving results? Ideally search query on summary index should give results quickly right?

When i searched _internal index for errors, i saw error msg "ERROR IndexScopedSearch - STMgr::distinct_apply_terms failed (rc=-33) while scanning for _indextime bounds in bucket".

Is this error related to my issue?

Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability In the realm of IT operations, the ...