Solved: Re: what is the difference between "summary index"...

yutaka1005 · ‎03-18-2019

I think both of these function can output alert's result to index.
Then, is the difference only these?

1. "summary index" is not related to license calculation.(But "Log Event" is related to it.)
2. "Log Event" can output event data to other splunk instance.(But "summary index" can't.)

HiroshiSatoh · ‎03-18-2019

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

View solution in original post

HiroshiSatoh · ‎03-18-2019

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

yutaka1005 · ‎03-18-2019

English version of above answer.

The summary index is for summarizing the logs included in the index. Log events are for generating new log events. Log events consume licenses because they capture new logs.

what is the difference between "summary index" and alert action "Log Event"?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

what is the difference between "summary index" and alert action "Log Event"?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers