Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating Summary Index based on logic

Kirthika
Path Finder
‎06-16-2023 10:53 AM

I have 3 panels. Each panels have the same query except 2nd line which contains patterns.

Eg. index="index_name" source="input.txt"

some regex pattern line ( only this line will be different in all three panels)

table id Action

All remaining lines will be same in all three panels.

 

How to create one summary index and implement as base search for all three panels

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-16-2023 11:34 AM

@Kirthika - Few questions:

  • Why do you need a summary index?
  • Are you looking to do this for the dashboard, right?
  • You need to explain the second line, and what it has in order to give you some suggestion.
    • Like, regex is _raw based, or any specific field.
  • Maybe give your existing searches to understand more. (You can mask the critical values before copy-pasting on the community.)

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-16-2023 11:30 AM

Why do you want a summary index, just use a base search?

0 Karma
Reply

Kirthika
Path Finder
‎06-16-2023 11:32 AM

Thanks. But didn't get idea how to implement base search when only second line changes

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-16-2023 11:36 AM

Your base search would have the first line. Your panel searches would have the second lines followed by the common lines. You could put these in a macro if you want them all to use the same code.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...

Stay Connected: Your Guide to August Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Unleash the Power of Splunk MCP and AI, Meet Us at .Conf 2025, and Find Even More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top