Lognalytics Technology
The addinfo command in splunk is used to enhance the information about a particular event which is not shown in the _raw events, Hence in order to get more information we use addinfo command –
This command comes with its own functions which can be used with this command like –
- Info_search_time – using this you will get an exact time of the search query when it is executed
- Info_sid – using this command you will get the search id and so on..
Addinfo command adds fields to each event that contain common information about the search. This command is primarily an internally-used elements of Summary Indexing.
Syntax:
addinfoThe addinfo command adds the following fields to each event:
| Field | Description |
| info_min_time | The earliest time of the search. |
| info_max_time | The latest time of the search. |
| info_sid | Search ID that generated the event. |
| info_search_time | The time when the search was run. |
Before using addinfo command:
index=* | stats c by metric_unitResults before using addinfo command:
After using addinfo command:
index=* | stats c by metric_unit | addinfoResults after using addinfo command:
Explanation:
Th addinfo command automatically adds the time factor in the _raw events containing all the values which are responsible for searching with a specific timerange it was searched for.
Also looking more more such commands in splunk: CLICK HERE
If you are still facing issue regarding this topic, Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on social platforms, Happy Splunking >
GIPHY App Key not set. Please check settings