Refine your search:

summary index without using si-commands

0

Hi Folks,

Can i create summary without using sistats, sicharts etc. My search outputs a table as i don't require to use inbuilt functions like avg, first, count etc. Hence I cannot use one of these si commands. I was wondering if i can just use table field1,filed2, field3 | | addinfo | collect index=summary addtime=t marker=info_search_name=somesearchname ?

Thanks, Amit

asked 23 May '12, 08:52

amitsehgal's gravatar image

amitsehgal
31118
accept rate: 0%

edited 04 Dec '12, 20:28

lguinn's gravatar image

lguinn ♦
11.0k5723
One Answer:
oldestnewestmost voted
0

Yes, you can. But it is not nearly as simple as using the si- commands. I would suggest that you also examine report acceleration in Splunk 5.x - but I don't think that will work for your case.

Look here for info: Configure Summary Indexes

link

answered 04 Dec '12, 20:30

lguinn's gravatar image

lguinn ♦
11.0k5723
accept rate: 28%

edited 26 Dec '12, 09:31

ChrisG's gravatar image

ChrisG ♦
2.8k46
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×235
×156
×76
×17

Asked: 23 May '12, 08:52

Seen: 563 times

Last updated: 26 Dec '12, 09:31

Related questions

summary indexing, "si-" commands

Summary Index & sistats

summary indexing manual with sistats list

SISTATS vs STATS

Using Summary Index Data

summary index & permissions

sistats - Which stats functions can be used on the final search?

Summary Indexing (or nice monthly stats from data)

Copyright © 2005-2012 Splunk Inc. All rights reserved.