Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

summary index not showing any events

prasireddy
Explorer
‎08-27-2024 09:21 AM

hi team,
I wanted to create summary index using the following query.

Daily Request counts Last Month

 

index=service_audit REQUEST
| bucket span=d _time
| eval time_diff=round(((stopDate - startDate)/3600000),0)
| stats count as Request_Count by _time

 

 
1.I followed all the steps mentioned in the splunk.com 
2.i have created new summary index as name service_audit_summary 

prasireddy_2-1724775622090.png

3.using collect command 

 

index=service_audit REQUEST
| bucket span=d _time
| eval time_diff=round(((stopDate - startDate)/3600000),0)
| stats count as Request_Count by _time
| collect index=service_audit_summary

 

but the summary index not showing any event ?

prasireddy_0-1724775453498.png

 

prasireddy_1-1724775512077.png

 

4.even created report and tried but same problem I'm facing 
please anyone could suggest 


Thanks in advance 

Labels (2)
0 Karma
Reply

PaulPanther
Motivator
‎09-19-2024 06:21 AM

@prasireddy Sorry was on vacation the last two weeks. Are you still facing the issue?

0 Karma
Reply

PaulPanther
Motivator
‎08-29-2024 03:14 AM

Please execute your original search without testmode=true and after the execution please click on Job --> Inspect Job.

Check if you see any error message in the popup.

 

PaulPanther_0-1724926253677.png

 

0 Karma
Reply

prasireddy
Explorer
‎09-03-2024 06:38 AM

hi @PaulPanther 

This is the screen shot of Job --> Inspect Job. Please I need help on this asap.

prasireddy_0-1725370746251.png

 

0 Karma
Reply

PaulPanther
Motivator
‎08-28-2024 02:50 AM

Please set testmode=true in your collect command and please post the outcome. 

0 Karma
Reply

prasireddy
Explorer
‎08-28-2024 05:44 AM

 

Hi @PaulPanther this is screen shot after adding testmode=true

prasireddy_0-1724849048921.png

 

0 Karma
Reply

PaulPanther
Motivator
‎08-28-2024 06:19 AM

Okay, looks good. Could you please search in the summary index over all time? And please ensure you have access to the summary index.

0 Karma
Reply

prasireddy
Explorer
‎08-28-2024 07:29 AM



Hi @PaulPanther Still same I'm Facing Issue

prasireddy_0-1724855283286.png

How can check weather I have access to the summary index. could you please help me.

0 Karma
Reply

prasireddy
Explorer
‎08-28-2024 07:38 AM

Hi @PaulPanther
I believe I have access

 

prasireddy_0-1724855949193.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...