Hello, I just discovered summary indexes (Oh joy! I can have results immediately instead of waiting a few minutes) and I'm starting to use them for a lot of my searches. The question is: should I create multiple indexes, one for each summary search, or should I put all of them into one index? How efficient is Splunk at picking up summary search events from index using 'index=summary search_name="trololo"' ? "Everything in one index" is easier to use and maintain, but I want to avoid hitting a performance wall again after I accumulate some data. So, for a lots of data and tens of summary searches, is it significantly faster to do index='special-index-for-search-foo' than index='common-index' search_name='foo' ? cheers, Bob ... View more

Hi, I'm creating a form with multiple searches (let's say 10). When user selects the time range using the time input element, all these searches start at the same time. That's bad, as it creates a big load on the server and for some users it hits the concurrent search limit. Is it possible to somehow make multiple searches in a single form run in sequence instead in parallel? I know that it is possible to have one master search and use postprocess searches to drive multiple reports on a same page, however, the searches I need to present do not have much in common and this technique can not be used here. cheers, Bob ... View more