I am trying to build a summaryindex to pull a week over week comparison of specific applications. The below query works normally, but for efficiency reasons I would like to place this in a summaryindex...
...o not seem to be available, only internal and summary and a new index which has been created on the search head.
What is the best practice to follow here as far as removing any configurations r...
Good day!
May I ask you guys a favor? Can you tell us how we can use Summaryindexing or how to configure it? I have already seen the document about summaryindexing but I still didn't u...
...esult, Question: How to create the summaryindex based on above query? I found that all the summaryindex command are below 5 si commands per this official document h...
...INEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet from Install a Windows universal forwarder . The same for Linux with the command ./splunk add monitor /var/log from Configure the universal forwarder using configur...
In the documentation about using summaryindexes it says at step 8:
Select a summaryindex. The default summaryindex is named summary. The list only displays indexes to which you have p...
Hi, I have two searches joined using the join command. The first search I need to run earliest=-60mins and the second search is using summaryindex; here I need to fetch all the results in summary...
...issing" events in an index, but what does it mean exactly (I have read the doc: configuresummaryindexing). The trouble I have is how does Splunk know if there are missing events or not (how can it t...
...ames can be configured in the output.conf file. However, I do not know how to define server specific summaryindexes. That is, how can I configure that the results in App 1 are collected in summaryindex...