Hi All,

I am trying to create a summary index for Cisco ESA Textmail logs. I will then rebuild the Email data model using the summary index. The scheduled search is running correctly, but when I try to search the summary index I get no events returned. How does one check that events are going into the summary index correctly?

Steps Taken

- Created a new index called email_summary
- I have created a scheduled search to run every 15 minutes
- In the settings I have ticked 'Enable summary indexing'

Saved Search

index=email sourcetype=cisco:esa:textmail
| stats values(action) as action, values(dest) as dest, values(duration) as duration,
    values(file_name) as file_name, values(message_id) as message_id,
    values(recipient) as recipient, dc(recipient) as recipient_count,
    values(recipient_domain) as recipient_domain, values(src) as src,
    values(src_user) as src_user, values(src_user_domain) as src_user_domain,
    values(message_subject) as subject, values(tag) as tag, values(url) as url,
    values(user) AS user values(vendor_product) as vendor_product,
    values(vendor_action) as filter_action, values(reputation_score) as filter_score
    BY internal_message_id

Thanks,
Dave