Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Creating Summary Index based on logic

Kirthika
Path Finder
‎06-16-2023 10:53 AM

I have 3 panels. Each panels have the same query except 2nd line which contains patterns.

Eg. index="index_name" source="input.txt"

some regex pattern line ( only this line will be different in all three panels)

table id Action

All remaining lines will be same in all three panels.

 

How to create one summary index and implement as base search for all three panels

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-16-2023 11:34 AM

@Kirthika - Few questions:

  • Why do you need a summary index?
  • Are you looking to do this for the dashboard, right?
  • You need to explain the second line, and what it has in order to give you some suggestion.
    • Like, regex is _raw based, or any specific field.
  • Maybe give your existing searches to understand more. (You can mask the critical values before copy-pasting on the community.)

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-16-2023 11:30 AM

Why do you want a summary index, just use a base search?

0 Karma
Reply

Kirthika
Path Finder
‎06-16-2023 11:32 AM

Thanks. But didn't get idea how to implement base search when only second line changes

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-16-2023 11:36 AM

Your base search would have the first line. Your panel searches would have the second lines followed by the common lines. You could put these in a macro if you want them all to use the same code.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...