Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

summary index without using si-commands

amitsehgal
Path Finder
‎05-23-2012 08:52 AM

Hi Folks,

Can i create summary without using sistats, sicharts etc. My search outputs a table as i don't require to use inbuilt functions like avg, first, count etc. Hence I cannot use one of these si commands. I was wondering if i can just use table field1,filed2, field3 | | addinfo | collect index=summary addtime=t marker=info_search_name=somesearchname ?

Thanks,
Amit

0 Karma
Reply

lguinn2
Legend
‎12-04-2012 08:30 PM

Yes, you can. But it is not nearly as simple as using the si- commands. I would suggest that you also examine report acceleration in Splunk 5.x - but I don't think that will work for your case.

Look here for info: Configure Summary Indexes

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

We are thrilled to announce the winners of the Splunk Build-a-thon, our first-ever hackathon dedicated to ...

Why You Should Register for Splunk University at .conf25

Level up before .conf25 even begins Splunk University is back in Boston, September 6–8, and it’s your chance ...

Building Splunk proficiency is a marathon, not a sprint

Building Splunk skills is a lot like training for a marathon. It’s about consistent progress, celebrating ...
Top