Re: using tstats in summary index

mcohen13 · ‎04-03-2021

Hi

I have created a summary index from an existing index using tstats

but, when I try to use tstats directly on the data in the summary index it doesn't work, I can only using stats

is there a reason or a workaround?

tscroggins · ‎04-04-2021

How did you create the summary index?

mcohen13 · ‎04-04-2021

I'm using tstats for creating the data for the summary index

tscroggins · ‎04-04-2021

tstats reads data from tsidx files, but it doesn't create them. Can you provide more detailed examples?

mcohen13 · ‎04-04-2021

I am using the following search template to create the summary index:

| tstats count as event_count where (index="<index name>")
by <fields> _time span=1d
| stats sum(event_count) as event_count
by <fields>

using tstats in summary index