×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
captaincool07
Loves-to-Learn
Member since: 3 weeks ago
3 weeks ago
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-25-2025
View All

Re: Summary index or any other alternative which a...

by in Splunk Search
3 weeks ago
3 weeks ago
 @LAME-Creations   For RBAC purposes, you can just make your summary index reside on the same index that it was created for. --> if I do in this way then will it override my original index data? And how can I differentiate between both index and summary logs present in same index? We use source field to get application name in normal index.  In my case user want to see raw data as well and we need all fields to be viewed everytime. Will summary index provides raw data as well? We have index format in this way - waf_app_<appID> app ID is different for different app teams. And in dashboard I have just given index = waf_app_* in base search. What index can I give now in summary index (same as my original index)  I am very confused here... ... View more

Re: Summary index or any other alternative which a...

by in Splunk Search
3 weeks ago
3 weeks ago
@ITWhisperer what if I use data models instead of summary index? Will it serve the same purpose? And how about RBAC control for data models?  ... View more

Re: Summary index or any other alternative which a...

by in Splunk Search
3 weeks ago
3 weeks ago
Can I use data models here? Will it serve same as Summary index? What is reliable and best and most importantly aligns with RBAC created? ... View more

Summary index or any other alternative which align...

by in Splunk Search
3 weeks ago
3 weeks ago
Summary index or any alternative Hi, I have created a dashboard with 8 panels and time frame is last 5 minutes. Kept that shorter time frame booz for this platform we are receiving large chunks of data, App team want this dashboard to The run for longer time frames may be last 7 days. If we are running for last 7 days, search is taking so much time and lot of resources getting wasted. They asked for solution to implement longer time Frame with faster results I explored and found SUMMARY index as an option but never worked on it. Can this help me? We have nearly 100+ indexes in that particular platform and sourcetype is same for all. We have RBAC implemented for each index (restricting app A users to view app B logs and viceversa ) Now if I implement Summary Index here,can this RBAC sill take effect because summary index provides data for all indexes and if it used the same in dashboard.. app A user can see app B logs by any chance or set RBAC applies here over summary index? Or else suggest other alternatives as well. At the end it should align with my RBACs created. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago