Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

summary index without using si-commands

amitsehgal
Path Finder
‎05-23-2012 08:52 AM

Hi Folks,

Can i create summary without using sistats, sicharts etc. My search outputs a table as i don't require to use inbuilt functions like avg, first, count etc. Hence I cannot use one of these si commands. I was wondering if i can just use table field1,filed2, field3 | | addinfo | collect index=summary addtime=t marker=info_search_name=somesearchname ?

Thanks,
Amit

0 Karma
Reply

lguinn2
Legend
‎12-04-2012 08:30 PM

Yes, you can. But it is not nearly as simple as using the si- commands. I would suggest that you also examine report acceleration in Splunk 5.x - but I don't think that will work for your case.

Look here for info: Configure Summary Indexes

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of Splunk APM’s and Splunk RUM’s streaming infrastructure in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...