search time

search time


Refers to the period of time beginning when a search is launched and ending when it finishes. During search time, certain types of event processing take place, such as search time field extraction, field aliasing, source type renaming, event type matching, and so on.

In the context of Splunk Observability Cloud, use search-time rules to transform your data, or a designated subset of your data, during a unique search in Log Observer. The transformation is temporary, occurring only in the search results, not in the data itself.

For more information

In Managing Indexers and Clusters:

In Splunk Observability Cloud documentation: