Getting Data In

Compatible commands with Summary Index- Why aren't stats and chart command working?

Poojitha
Path Finder

Hi All,

I have created a summary index . I am making use of "sistats count by <fields>" to populate all the fields required. And I see those fields as well. 

The issue is - On this index I am trying to use chart command and also stats count(<field>) as test (chart command in one query and stats count in another query) but its not working. There is no results returned. Instead I use stats command and populate data to summary index , both commands are working.

Please let me know why chart and stats command are not working on the summary index that I have created using sistats command . [sichart as well not working]. I am missing some technical information here.

Regards,
PNV

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

I may be wrong as I haven't used sistats, although I have used summary indexes. My interpretation of the documentation is that to retrieve the stats from the summary index created by the sistats command, you have to use the exact same command apart from substituting the sistats with stats. Similarly, for sichart and chart. You cannot mix them. Therefore, the reason you are not getting results from your summary index with chart is because they were put there by sistats (not sichart).

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...