Welcome to Splunk, Yusuf.
Splunk keeps updating your data into the index as the logs are generated.
Splunk uses reverse chronological time sort, which means latest event first and earliest next.
While searching for events,
it can be either for searching, saved search or alerting, etc.
As the data is parsed it triggers an alert,
e.g. if any security event is generated it must shoot up an alert where
latest time: Now (real time).
People talk about real-time, which is nothing but the latest event.
Keep Splunking 🙂
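The two ideas in the answer above, events returned latest-first and an alert evaluated against a window whose latest time is "now", can be seen in a small Python model. This is an added example, not Splunk's code or anything from the original thread; the log lines, the field names `_time`, `sourcetype` and `_raw`, and the failed-login rule are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events (not from the original post).
# Format: ISO-8601 UTC timestamp, sourcetype, free-text message.
RAW_EVENTS = [
    "2024-05-01T10:00:05Z sshd Accepted password for alice from 10.0.0.5",
    "2024-05-01T10:00:09Z sshd Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:12Z sshd Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:15Z nginx GET /index.html 200",
    "2024-05-01T10:00:20Z sshd Failed password for root from 203.0.113.7",
]


def parse_event(line):
    """Split one raw line into the Splunk-like fields _time, sourcetype, _raw."""
    ts, sourcetype, msg = line.split(" ", 2)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"_time": when, "sourcetype": sourcetype, "_raw": msg}


def index_events(lines):
    """Return events in reverse chronological order: latest event first."""
    return sorted((parse_event(l) for l in lines), key=lambda e: e["_time"], reverse=True)


def search_window(events, earliest, latest):
    """Keep only events whose _time falls inside [earliest, latest]."""
    return [e for e in events if earliest <= e["_time"] <= latest]


def alert_failed_logins(events, now, window=timedelta(seconds=30), threshold=3):
    """Hypothetical security alert: fire when at least `threshold` sshd
    'Failed password' events fall in the last `window` up to `now`
    (i.e. latest time = now). Returns (fired, matching_events)."""
    recent = search_window(events, now - window, now)
    failures = [
        e for e in recent
        if e["sourcetype"] == "sshd" and "Failed password" in e["_raw"]
    ]
    return len(failures) >= threshold, failures


if __name__ == "__main__":
    indexed = index_events(RAW_EVENTS)
    for e in indexed:
        print(e["_time"].isoformat(), e["sourcetype"], e["_raw"])
    now = datetime(2024, 5, 1, 10, 0, 21, tzinfo=timezone.utc)
    fired, hits = alert_failed_logins(indexed, now)
    print("alert fired:", fired, "matches:", len(hits))
```

Evaluating the alert at a "now" of 10:00:21 sees three failed logins inside the 30-second window and fires; evaluating the same rule at 10:00:10 sees only one and stays quiet, which is the difference between a real-time search and a historical one over the same index.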