Solved: what is the difference between "summary index" and...

yutaka1005 · ‎03-18-2019

I think both of these function can output alert's result to index.
Then, is the difference only these?

1. "summary index" is not related to license calculation.(But "Log Event" is related to it.)
2. "Log Event" can output event data to other splunk instance.(But "summary index" can't.)

HiroshiSatoh · ‎03-18-2019

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

View solution in original post

HiroshiSatoh · ‎03-18-2019

サマリーインデックスはインデックスに取り込んだログをサマリーするためのもの。ログイベントは新しいログイベントを生成するためのもの。新しいログを取り込むのでログイベントはライセンスを消費します。

yutaka1005 · ‎03-18-2019

English version of above answer.

The summary index is for summarizing the logs included in the index. Log events are for generating new log events. Log events consume licenses because they capture new logs.

what is the difference between "summary index" and alert action "Log Event"?

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk New Course Releases for a Changing World

Are you a member of the Splunk Community?

what is the difference between "summary index" and alert action "Log Event"?

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk New Course Releases for a Changing World