Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Where is Splunk creating my summary index?

a212830
Champion
‎07-23-2015 08:49 AM

Hi,
I have a customer who is scheduling a search that uses db query. He then wants to send the output of that search to a summary index. Since db connect runs from the search-head, will the summary index get created on the search-head? I'm trying to make all indexers are created on the indexers. (We are running Splunk 6.1.1)

0 Karma
Reply

bwooden
Splunk Employee
Splunk Employee
‎07-23-2015 09:03 AM

If your search head is setup as a forwarder, the summary index will be populated on the indexers. It sounds like this is what you want. That configuration (Forwarding Search Head data to Indexers) is considered a best practice. Additional information on why (& how to set that up) may be found here: http://docs.splunk.com/Documentation/Splunk/6.2.4/DistSearch/Forwardsearchheaddata.

Reply
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...