Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

why indexed fields are not creating when i collect data to summary index

nagendraDumpala
Engager
‎07-08-2020 05:29 AM

Hello,

I have created indexed fields at the time of indexing, then i executed the tstats query, and it's working fine.

But when i collect resulted data into summary index using splunk collect command, my tstats is not working on summary index.

| tstats latest(result._time) as _time ,values(result.relational_correlationId) as relational_correlationId,values(result.tracePoint) as tracePoint where index="hec_example1" by result.environment,result.businessGroup,result.appName,result.interfaceName,result.correlationId | table _time,tracePoint | collect index="summary_mt"

 

tstats is not working on summary index(I have configured fields.conf as well)

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...