Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What search commands are supported by real-time searches?

Jason
Motivator
‎03-05-2013 02:15 AM

What search commands are supported by real-time searches?

I can't find this information in the manual.

Tags (2)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-26-2013 12:44 PM

Quoting from the Search Manual topic, About real-time searches: "Real-time searches can take advantage of all Splunk search functionality, including advanced functionality like lookups, transactions, and so on. We've also designed search commands that are to be used specifically in conjunction with real-time searches, such as streamstats and rtorder."

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎09-27-2013 08:09 AM

Thanks, Jason. I will have the writer for the Search Manual look into that and update the docs!

0 Karma
Reply

Jason
Motivator
‎09-27-2013 02:33 AM

Evidently that's not completely true, as you get an error "This command is not supported in a real-time search" when you try to run an | inputlookup in a real time search. Also, appends don't work, and don't give errors.

index=_internal | stats count by host | append [inputlookup allhosts] | stats max(count) as count by host works as expected on a non-RT search but doesn't show any values in the lookup that are not in the main seach when changed to RT.

0 Karma
Reply

Jason
Motivator
‎04-26-2013 03:56 AM

Bump. There must be a listing of these somewhere?

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...