...rom the summary index via rest api of a search head. We also use the summary index for historic searching over longer periods of time, like day/weeks vs minutes or hours.
My question is whether a s...
Hi there!
Is there a search command that will allow me to look up results from a "saved result"? I'm looking for ways I could speed up my populating search. My populating search is taking too l...
...rocessed data.
For instance - if I have a firewall event that has a new unseen public IP, I want to store some data from that event, as well as some new fields from lookups, iplocation command.
now i...
...ith the results of a search, but in this case the data summary is actually a special summary index that is built and stored on the search head. Use summary indexing for increased reporting efficiency s...
...m a bit confused when to use the collect command.
I have configured the search (report) with the summary index, but nothing happened...
What am I doing wrong?
I am trying to make a summary index for data in April 2014.
Using the current default search and joins, and to query more than 25 GB of data takes more than 35 seconds of time.
I want to use a...
Hi,
I have a search that will fetch about 5 GB of application logs. In order not to put load on the Splunk instance and slow search output, I am planning to use "Summary Indexing" using the new S...
Hi Splunkers,
I am pretty new to the concept of Summary indexing, would like some more detailed explanation with examples of why Summary indexing is used. My broad understanding is that Summary indexing...
If my index is set for 30 day retention, is it possible to have a data model summary for a longer period? Is the data model storing its... cumulative .. results separate from the index?
Thanks.