Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Cloud new index does not show in list of summary indexes for scheduled reports.

vy
Explorer
‎06-28-2024 09:22 AM

I built a new index intended for storing a report of some very heavily modified and correlated vulnerability data. I figured the only way to get this data to properly math the CIM requirements was through a lot of evals and lookup correlations. After doing all of that I planned on spitting it back into a summary index and have that be part of the Vulnerability data model.

 

Anyway, I scheduled the report and enabled summary indexing but my new index doesn't show up in the list of index. I noticed a few indexes are missing from the list. And also the filter doesn't even work lol. indexes that are clearly visible in the list do not filter in when you type the name of the index. Very strange.

 

I'm an admin and I've done this a few times previously. This particular index is just giving me issues. Not sure what I need to do besides delete it and rebuild it.

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vy
Explorer
‎06-28-2024 01:25 PM

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

vy
Explorer
‎06-28-2024 01:25 PM

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...

Availability: Must be on Splunk Cloud Platform version 10.1.2507.x to view the free trial banner. If you are ...