I am trying to build a summary index to pull a week over week comparison of specific applications. The below query works normally, but for efficiency reasons I would like to place this in a summary index...
...o not seem to be available, only internal and summary and a new index which has been created on the search head.
What is the best practice to follow here as far as removing any configurations r...
Good day!
May I ask you guys a favor: can you tell us how we can use summary indexing or how to configure it? I have already seen the document about summary indexing but I still didn't u...
...INEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet from Install a Windows universal forwarder. The same for Linux with the command ./splunk add monitor /var/log from Configure the universal forwarder using configur...
...esult, Question: How to create the summary index based on above query? I found that all the summary index commands are below 5 si commands per this official document h...
Hi Team, Can you please let me know what should be the configuration done at the heavy Forwarder Splunk instance so that the saved search results that are indexed into the summary index can be f...
In the documentation about using summary indexes it says at step 8:
Select a summary index. The default summary index is named summary. The list only displays indexes to which you have p...
Hi, I have two searches joined using join command. The first search I need to run earliest=-60mins and the second search is using summary index; here I need to fetch all the results in summary...
...issing" events in an index, but what does it mean exactly (I have read the doc: configuresummaryindexing). The trouble I have is how does Splunk know if there are missing events or not (how can it t...