Summary indexing is a simple but very useful feature in Splunk, which allows you to summarize large amounts of data into smaller subsets, based on defined search criteria. This summarized data is usually stored in a separate index from where the original data exists and is typically a lot smaller in size. Reporting over the smaller summary index rather than the original data will be a lot faster. Additionally, as the summary index is smaller, you will be able to retain data for longer periods of time, which is key for long-term trending and predictive analytics. Summary indexing is the only method to keep data longer than the retention time of the index that stores the raw events; the other summarization methods need ...