Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

why indexed fields are not creating when i collect data to summary index

nagendraDumpala
Engager
‎07-08-2020 05:29 AM

Hello,

I have created indexed fields at the time of indexing, then i executed the tstats query, and it's working fine.

But when i collect resulted data into summary index using splunk collect command, my tstats is not working on summary index.

| tstats latest(result._time) as _time ,values(result.relational_correlationId) as relational_correlationId,values(result.tracePoint) as tracePoint where index="hec_example1" by result.environment,result.businessGroup,result.appName,result.interfaceName,result.correlationId | table _time,tracePoint | collect index="summary_mt"

 

tstats is not working on summary index(I have configured fields.conf as well)

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...