Documentation > Splunk > Search Reference > addinfo

Search Reference

 


Introduction
Search Overview
Search Reference Overview
Search Commands and Functions
Search Command Reference
Custom Search Commands
Internal Search Commands
Search in the CLI

addinfo

Contents

addinfo

Synopsis

Add fields that contain common information about the current search.

Syntax

| addinfo

Description

Adds global information about the search to each event. Currently the following fields are added:

  • info_min_time: the earliest time bound for the search
  • info_max_time: the latest time bound for the search
  • info_sid: ID of the search that generated the event
  • info_search_time: time when the search was executed.

Examples

Example 1: Add information about the search to each event.

... |addinfo

See also

search

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the adinfo command.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.2.3/SearchReference/Addinfo"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.


Comments

Thanks, Lalleman! Corrected.

Sophy, Splunker
August 16, 2012

Is there a typo above, or did something change? In 4.3.3, addinfo is returning "info_sid" not "info_search_id".

Lalleman
August 10, 2012

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!