Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the earliest and latest for running a backfill script in realtime?

Dark_Ichigo
Builder
‎05-30-2012 10:00 PM

I want to run a backfill script to create a summary index, I want to do this in realtime!

I have tried using the rt but it doesnt seem to work as I have seen other questions about this only working under times.conf.

How can I run a backfill script in realtime, I would Like an example and not just what I need to put in the limits.conf

Thanks

0 Karma
Reply

daskuntal
Path Finder
‎08-17-2012 01:56 PM

Yes, you already answered your question. I believe what you are trying to do is exactly what a Summary Indexed search is supposed to do. Perform a scheduled search to populate the summary index. The problem with taht is, you will only start fillign up the index from the moment you created & started the running the Search.

What backfill script does is goes back in time & pre-fills the Summary Index with data from whoever many months you want to go back to.

Hope that clarifies your question.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-30-2012 10:44 PM

It's not possible to create a summary index in real time.

0 Karma
Reply

Dark_Ichigo
Builder
‎05-30-2012 11:31 PM

I want to run a backfill script to populate my summary index, the backfill script runs everyday via a cron job.

Can this be done without a backfill script and just a scheduled saved search with summary indexing enabled?

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-30-2012 11:15 PM

I don't think I understand what you mean by backfill, or what you expect backfill is supposed to do.

0 Karma
Reply

Dark_Ichigo
Builder
‎05-30-2012 10:50 PM

Then whats the point of running a Backfill if you can just schedule a saved to populate a summary index?

Whats the closest to running a summary index in realtime?

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...