Search

auntyem · ‎09-25-2012

I asked a few weeks ago how to get the total duration of my search timeframe and was told to use addinfo. Got it working out but when I made my search more complex by outer-joining to a subsearch i...

harishalipaka · ‎01-17-2019

...nfo_max_time.. This is in 6.6.2 splunk Enterprise-Here it will give correct results in single right side is results of addinfo query. This is the default time for date picker <input t...

jamesmoriarty · ‎10-15-2018

...but doesn't work in 7. I have a tstats command that requires earliest/latest parameters, then pipes to an addinfo command, but I think I'm getting two different results. It appears that I only g...

althomas · ‎02-20-2019

Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appears not to work anymore. Has this been deprecated? I can still use info_min_time,...

jasonmadesometh · ‎04-22-2020

...earch, however it doesn't return any events: foo| timechart count span=1h | where strftime(_time, "%A %H")==strftime(latest,"%A %H") I tried using addinfo, but to no avail: foo | addinfo...

cpeteman · ‎07-08-2013

Ok I'm rewriting this question as it has become much simpler than before. All I need to do is have a way the get the length of the current time range I am searching over (as a variable I hope) so tha...

mr_brightside · ‎02-10-2015

Hi, i have a problem with those fields. I use them in my query to calculate some average statistics. When i select "All time" in the timerange i get: info_max_time = "+Infinity" info_min_...

DalJeanis · ‎08-03-2017

I have an odd use case, where I'd like to be able to add a field naming the saved search I happen to be executing. I know that addinfo gives the SID, is there any way to get the search name?

aputz · ‎06-16-2011

Hello, I was curious if there was a way to reference a search duration for use within the search? Primarily for use inside a dashboard. If the timepicker selects a 5 day duration then the search st...

jedatt01 · ‎11-21-2014

I need figure out a way to take the earliest of a search and subtract it from the earliest of a subsearch to be used in the subsearch. I've tried using addinfo and doing a delta on the i...

Search

Search the Community

why is addinfo not working in my search?

addinfo command bug in splunk 7.1.4 version

Splunk 7.2 Tstats, Addinfo, and Earliest/Latest Bu...

"addinfo" and "search_now" -- has search_now been ...

use latest as part of where clause

Eval value based on timerange

Info_max_time and info_min_time issue

Any way to get the name of the scheduled search yo...

Search Language variable for search duration

comparing earliest of subsearch and main search