Solved: fill_summary_index.py is not doing dedup

luhadia_aditya · ‎01-09-2015

I am testing this script to be utilised in production and in my test-bed i found that this script is not doing the dedup, meaning even if the saved search, that populates the summary index, had run at a particular time (say 5 am), script is still triggering the search at the same moment when this time (5 am) falls in the -et #### -lt ##### range and writing the data in to summary index causing duplication >> affecting the stats badly.

Search trigger command --

/opt/splunk/bin/splunk cmd python fill_summary_index.py -app <app_name> -name '<saved_search_name>' -et 1420781400 -lt 1420788600 -dedup true -auth admin:<pwd>

I have already included the -dedup true argument.

I am aware that this -dedup true is different from the search command | dedup and its being triggered on search head (with forward data enabled to indexers) - Splunk 6.0.4 (build 207768)

Correct me if I am missing anything, thanks in advance!!

luhadia_aditya · ‎02-09-2015

Got the hack, was missing an argument of nolocal -

/opt/splunk/bin/splunk cmd python fill_summary_index.py -app -name -et -7d@d -lt @d -dedup true -nolocal true -auth admin:

View solution in original post

luhadia_aditya · ‎02-09-2015

Got the hack, was missing an argument of nolocal -

/opt/splunk/bin/splunk cmd python fill_summary_index.py -app -name -et -7d@d -lt @d -dedup true -nolocal true -auth admin:

fill_summary_index.py is not doing dedup

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation