Hi,
Is it possible to create Indexed-Fields with the help of collect Command from the splunk search ?
Hi @manikanthkoti,
when you use the collect command, you save the search results in a summary index that's and index with asll indexed fields.
So you have to create your search ending with the table command and store results in a summary index.
Then you can search on the summary index that's more performant.
see the documentation at https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Collect
see also mcollect and tscollect.
Ciao.
Giuseppe
Hi @gcusello ,
Thank you very much for your response.
Already we have tried the same thing.
Here Problem is we are able to store the table results to summary index using collect.
But we are unable perform tstats on these summary index fileds.
Can you please help us in this.
Regards,
Manikanth
Hi @manikanthkoti,
to use tstats you have to use tscollect instead collect, but tscollect is deprecated, so you could use a Data Model.
Ciao.
Giuseppe