Summary Indexing Not Updating

Splunk Search

Hi, I wonder if someone could help me please.

We're using Enterprise V6.5.7 and we have issues in updating summary indexes using both the 'fill summary' command and scheduled searches (via cron jobs).

The jobs are shown as being run successfully but, the data is not being ingested into the Summary Index, and this is affecting multiple Summary Indexes.

However, when we run the same search in the UI using the 'collect' command, an example of which is:

collect index=summary_dg_allcode marker="report=CoDE2019Data"

The data is ingested correctly into the Summary Index.

I appreciate that the details are sketchy, basically I'm not even sure where to start looking, but I just wondered whether someone may be able to offer some guidance if they've experienced similar issues, and how they've resolved this, and /or whether they can suggest areas to look into, in greater depth?

Many thanks and kind regards

Chris

Get Updates on the Splunk Community!

Summary Indexing Not Updating

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Summary Indexing Not Updating

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future