Knowledge Management

Splunk Cloud new index does not show in list of summary indexes for scheduled reports.

vy
Explorer

I built a new index intended for storing a report of some very heavily modified and correlated vulnerability data. I figured the only way to get this data to properly math the CIM requirements was through a lot of evals and lookup correlations. After doing all of that I planned on spitting it back into a summary index and have that be part of the Vulnerability data model.

 

Anyway, I scheduled the report and enabled summary indexing but my new index doesn't show up in the list of index. I noticed a few indexes are missing from the list. And also the filter doesn't even work lol. indexes that are clearly visible in the list do not filter in when you type the name of the index. Very strange.

 

I'm an admin and I've done this a few times previously. This particular index is just giving me issues. Not sure what I need to do besides delete it and rebuild it.

Labels (3)
0 Karma
1 Solution

vy
Explorer

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

View solution in original post

0 Karma

vy
Explorer

The cache for the summary index drop-down is apparently a bit too small for our environment. I noticed it was missing everything after the Ts so I deleted my index (started with a V) and put it at the top of the alphabet. Sure enough, there it was.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...