I am using collect command but some data is missing, can you give me proper query

Hi @welcome

please try something like this:

index=your_orig_index
| table _time _raw
| collect index=new_index

but there isn't any reason to do this!

ciao.

Giuseppe

Which data is missing? Is it whole events or some fields in all events or some fields in some events? What characterises the missing data?

Not all events only some events, suppose when we see in events section we have some fields ,in that  we can see build related fileds ,we cant get the exact number of build fileds ,Job urls  and job names etc....  as in previous index ,can you please give me proper answer

You keep asking for a proper answer, but you haven't really given a proper question, or at least one that can be answered in a meaningful way.

What events did you start with?

What events have you copied?

Which events did not get copied?

How did you do the copy?

Once we know what it is you are dealing with, and what you have already tried, we might be able to advise you further.

This is the query i have tried:    index=A source=sourceA host=hostA | collect index=B source=sourceA sourcetype=sourcetypeA host=hostA   

when I select for specific time range suppose from april1 to april 30, suppose there are 2 lakh events in indexA but I am getting only 1 lakh events into indexB ,I don't know why some events are missing.

There is possibly a limit to the number of events you can add to the summary index at any one time. Try running from Apr 1 to Apr 15, and then again from Apr 16 to Apr 30, or even Apr 1 to Apr 10, Apr 11 to Apr 20 and Apr 21 to Apr 30

Just for the copy