I have found a search in the charge back application that might fit for seeing the SVC's by index.  Unfortunately that's how my company manages costs, by index.  The search is good, but I'm still having issues getting just the SVC's and index as my return:  I did modify it from one day to 1 month, but I only want it to bring back for one month and thus have only one line of results.   Any help would be appreciated.

index=summary source="splunk-ingestion"
| `sim_filter_stack(myimplementation)`
| dedup keepempty=t _time idx st
| stats sum(ingestion_gb) as ingestion_gb by _time idx
| eventstats sum(ingestion_gb) as total_gb by _time
| eval pct=ingestion_gb/total_gb
| bin _time span=1m
| join _time
[ search index=summary source="splunk-svc-consumer" svc_consumer="data services" svc_usage=*
| fillnull value="" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source
| eval unified_sid=if(unified_sid="",usage_source,unified_sid)
| stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type
| timechart span=1m sum(utilized_svc) as svc_usage ]
| eval svc_usage=svc_usage*pct
| timechart useother=false span=1m sum(svc_usage) by idx limit=200