Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
796 results
Sorted by:
04-15-2018
10:18 AM
Could anyone please provide the difference between addinfo and search
Please
Show results in replies (5)
-
...ommand, it is a filter and any events or rows that do not match the terms get dropped. Addinfo does not a...
-
| addinfo is used to add search meatdata to the search results where search is used to search e...
-
@logloganathan could you provide the reason for finding the difference between addinfo and s...
-
All | addinfo does is tell you some basic things about your search job (timepicker settings, j...
-
1)I just reported your comment and i never down-voted. 2) I want to get difference between addinfo...
09-25-2012
11:43 AM
I asked a few weeks ago how to get the total duration of my search timeframe and was told to use addinfo. Got it working out but when I made my search more complex by outer-joining to a subsearch i...
01-17-2019
12:55 AM
...nfo_max_time..
This is in 6.6.2 splunk Enterprise-Here it will give correct results in single right side is results of addinfo query.
This is the default time for date picker
<input t...
08-15-2017
08:23 PM
The new fields that are created when using the addinfo cmd
info_min_time The earliest time boundary for the search.
info_max_time The latest time boundary for the search.
How are they c...
10-15-2018
05:53 AM
1 Karma
...but doesn't work in 7. I have a tstats command that requires earliest/latest parameters, then pipes to an addinfo command, but I think I'm getting two different results. It appears that I only g...
08-02-2019
03:10 AM
I want to change the time range of my search by using addinfo. Below is my search query:
index =xxx sourcetype = xxx source="xxx/new_offers_web_*.log" Channel="web" Page="accthub" Placement="t...
02-20-2019
06:37 AM
Hi all,
Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appears not to work anymore. Has this been deprecated? I can still use info_min_time,...
04-22-2020
05:58 AM
...earch, however it doesn't return any events:
foo| timechart count span=1h
| where strftime(_time, "%A %H")==strftime(latest,"%A %H")
I tried using addinfo, but to no avail:
foo
| addinfo...
07-08-2013
01:29 PM
5 Karma
Ok I'm rewriting this question as it has become much simpler than before. All I need to do is have a way the get the length of the current time range I am searching over (as a variable I hope) so tha...
02-10-2015
07:45 AM
1 Karma
Hi,
i have a problem with those fields. I use them in my query to calculate some average statistics.
When i select "All time" in the timerange i get:
info_max_time = "+Infinity"
info_min_...
