Knowledge Management

apparent dedup which sometimes occurs in summary index

New Member

in rt index we have duplicates of the events but not finding same duplicates in summery indexes.Can some one tell me what might be the case?

Labels (1)
0 Karma

Esteemed Legend

If you are not doing an aggregation before dumping to summary index then you are doing it all wrong.

0 Karma

please share your search query writing to summary index and some duplicate event examples

0 Karma


Have you checked the search that populates the summary-index?

If this reply helps you, an upvote would be appreciated.
0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!