Splunk Search

What is the difference between search and real-time search? Doesn't a search provide real-time data?

Roopaul
Explorer

What is the difference between search and real-time search? Doesn't the search provide the real-time data?


skoelpin
SplunkTrust

There is a difference. If you select Real-Time search for 15 minutes, then it will bring in the past ~15 minutes of data, but it is relative and will bring in new events as the time changes. So if you were to set a search for 15 minutes (not real-time), then it will only bring search results for the last 15 minutes and will not bring in new events.

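The distinction in the accepted answer can be made concrete with a small model. The following is an added example, not code from the thread or from Splunk: it simulates a historical search (one snapshot of a fixed range, the equivalent of `earliest=-15m latest=now`) next to a real-time search with the same 15-minute window (`earliest=rt-15m latest=rt`, Splunk's real-time time modifiers), started at the same instant, and then shows what each returns after a few more minutes of events have been indexed. The event timestamps and messages are constructed sample data.

```python
from datetime import datetime, timedelta

# Added example (not from the Splunk Community post): a minimal model of the two
# search modes skoelpin describes.
#   historical search : earliest=-15m latest=now   (evaluated once, fixed window)
#   real-time search  : earliest=rt-15m latest=rt  (window slides with the clock)

WINDOW = timedelta(minutes=15)
T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed wall-clock reference: search start


def minutes(m):
    """Offset from T0 in minutes (negative = before the search was started)."""
    return T0 + timedelta(minutes=m)


# Constructed sample events: (timestamp, message). The first group is already
# indexed when both searches start at T0; the second group arrives afterwards.
EVENTS_AT_START = [
    (minutes(-20), "sshd: Accepted publickey for svc_backup"),
    (minutes(-10), "sshd: Failed password for root"),
    (minutes(-2), "sudo: alice : COMMAND=/usr/bin/systemctl restart nginx"),
]
EVENTS_AFTER_START = [
    (minutes(3), "sshd: Failed password for root"),
    (minutes(6), "sshd: Failed password for root"),
]


def historical_search(events, now, window=WINDOW):
    """earliest=-15m latest=now: one snapshot of the fixed range [now-window, now]."""
    earliest = now - window
    return [msg for ts, msg in events if earliest <= ts <= now]


class RealTimeSearch:
    """earliest=rt-15m latest=rt: a sliding window that keeps receiving events."""

    def __init__(self, start, window=WINDOW):
        self.window = window
        self.now = start
        self._events = []

    def ingest(self, ts, msg):
        """A newly indexed event is handed to the running search."""
        self._events.append((ts, msg))

    def tick(self, now):
        """Advance the clock; events older than now-window fall out of the window."""
        self.now = now

    def results(self):
        earliest = self.now - self.window
        return [msg for ts, msg in self._events if earliest <= ts <= self.now]


def compare_after(minutes_elapsed):
    """Start both searches at T0, let `minutes_elapsed` minutes pass, and return
    (historical_results, realtime_results)."""
    # Historical: evaluated once at T0 and never updated.
    hist = historical_search(EVENTS_AT_START, now=T0)

    # Real-time: same ~15 minutes of backfill at T0, then new events arrive
    # and the window slides forward with the clock.
    rt = RealTimeSearch(start=T0)
    for ts, msg in EVENTS_AT_START:
        rt.ingest(ts, msg)
    later = minutes(minutes_elapsed)
    for ts, msg in EVENTS_AFTER_START:
        if ts <= later:
            rt.ingest(ts, msg)
    rt.tick(later)
    return hist, rt.results()


if __name__ == "__main__":
    hist, rt = compare_after(6)
    print("historical (-15m..now, taken at T0):", hist)
    print("real-time  (rt-15m..rt, at T0+6m):  ", rt)
```

At T0 both searches return the same two events. Six minutes later the historical result is unchanged, while the real-time window has picked up the two new failed-root logins and has dropped the event from T0-10m, which is now outside its 15-minute window. For alerting, the usual trade-off is that a real-time search keeps a searcher busy continuously, so a scheduled search over a short lookback is the more common choice when sub-minute latency is not required.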

andrewb_splunk
Splunk Employee

The definition of real-time search in the Splunk documentation Splexicon is also useful: http://docs.splunk.com/Splexicon:Realtimesearch.

