|
I'm attempting to populate a summary index with results based on this search: sourcetype=release-log OR sourcetype=selector-web | localop | geoip client_ip | sistats count AS TotalRequests BY client_ip_countryname the non "sistats" version of this search does return valid results. "client_ip" is a search time field extraction and client_ip_countryname is generated by the output of geoip. when i schedule the search above to populate the summary index using "sistats", the saved search statuses claim that each run is returning about 9000 results. However, when i try to search against at the summary index none of the results appear to have been stored in the index. I have two other summary index populating searches working (though they use sitimechart, not sistats) so I know my index itself is ok. any ideas on what could be wrong? |
Refine your search:
- Apps & Questions
- Apps
- Questions
- Users
- Tags
Markdown Basics
- *italic* or _italic_
- **bold** or __bold__
- link:[text](http://url.com/ "Title")
- image?
- numbered list: 1. Foo 2. Bar
- to add a line break simply add two spaces to where you would like the new line to be.
- basic HTML tags are also supported
Tags:
Asked: 11 Aug '11, 10:56
Seen: 427 times
Last updated: 11 Aug '11, 12:10