Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

collect and summary index problem

EricPartington
Communicator
‎02-17-2012 07:36 PM

i've been running around in circles for a few hours now, cant figure this out.

I have a dev and prod environment (prod 4.2.5 and dev 4.3)

In dev environment i can run a search and use collect to write the events to the summary index

splunk_server=a |top host | collect index=summary

using the stash file name that is shown i can locate the data with this command

index=_internal 254301636_events.stash_new

i try the same thing in prod(4.2.5) and I am not able to find the data in the summary index. No errors as far as i can see relating to the index or command. No data anywhere.

Is there a difference in the collect command between 4.2.5 and 4.3?

What other troubleshooting can be done to help figure this out?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎04-23-2012 06:29 PM

Once indexed in the index=summary, you should search for it using

index=summary

If you wanted to name your results, look at the option marker
http://docs.splunk.com/Documentation/Splunk/4.3.1/SearchReference/Collect

View solution in original post

Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎04-23-2012 06:29 PM

Once indexed in the index=summary, you should search for it using

index=summary

If you wanted to name your results, look at the option marker
http://docs.splunk.com/Documentation/Splunk/4.3.1/SearchReference/Collect

Reply
Register for .conf25!
Get Updates on the Splunk Community!

The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...

The same scenario plays out across financial institutions daily. A payment system fails at 11:30 AM on a busy ...

Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25

Hello Splunkers, Want to attend .conf25 in Boston this year but not sure how to convince your manager? We've ...

Community Spotlight: A Splunk Expert's Journey

In the world of data analytics, some journeys leave a lasting impact not only on the individual but on the ...
Top