Solved: Re: Using collect for summary indexing not working

jambajuice · ‎02-04-2011

I have a search that produces a table. I am piping that search to: | collect index=vulnerabilities

When the search runs, I see a status message like: Successfully wrote file to '299100603_events.stash'.

When I search on: index=vulnerabilities, no results show up. How do I troubleshoot this?

Thanks.

Craig

jambajuice · ‎02-04-2011

I reinstalled Splunk and chose the "Repair" option and it's working now.

View solution in original post

Ron_Naken · ‎02-04-2011

If you search index=_internal, you should be able to locate references to the stash file. Once the file is indexed, you should see a message of sourcetype=splunkd that has this text in it:

INFO Metrics - group=per_source_thruput, series="$SPLUNK_HOME/var/spool/splunk/99100603_events.stash" kbps=0.067, eps=0.78, kb=1.0

Any errors should also turn up.

jambajuice · ‎02-04-2011

I reinstalled Splunk and chose the "Repair" option and it's working now.

Using collect for summary indexing not working

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Using collect for summary indexing not working

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...