Creating Summary Index based on logic

Kirthika · ‎06-16-2023

I have 3 panels. Each panels have the same query except 2nd line which contains patterns.

Eg. index="index_name" source="input.txt"

some regex pattern line ( only this line will be different in all three panels)

table id Action

All remaining lines will be same in all three panels.

How to create one summary index and implement as base search for all three panels

VatsalJagani · ‎06-16-2023

@Kirthika - Few questions:

Why do you need a summary index?
Are you looking to do this for the dashboard, right?
You need to explain the second line, and what it has in order to give you some suggestion.
- Like, regex is _raw based, or any specific field.
Maybe give your existing searches to understand more. (You can mask the critical values before copy-pasting on the community.)

ITWhisperer · ‎06-16-2023

Why do you want a summary index, just use a base search?

Kirthika · ‎06-16-2023

Thanks. But didn't get idea how to implement base search when only second line changes

ITWhisperer · ‎06-16-2023

Your base search would have the first line. Your panel searches would have the second lines followed by the common lines. You could put these in a macro if you want them all to use the same code.

Creating Summary Index based on logic

Analytics Workspace

development

using Splunk Cloud

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform