Splunk Search

What is the difference between search and real-time search? Doesn't a search provide real-time data?

Roopaul
Explorer

What is the difference between search and real-time search? Doesn't the search provide the real-time data?

1 Solution

skoelpin
SplunkTrust

There is a difference. If you select Real Time search for 15 minutes, then it will bring in the past ~15 minutes of data, but it is relative and will bring in new events as the time changes. So if you were to set a search for 15 minutes (not real time), then it will only bring search results for the last 15 minutes and will not bring in new events.


andrewb_splunk
Splunk Employee

The definition of real-time search in the Splunk documentation Splexicon is also useful: http://docs.splunk.com/Splexicon:Realtimesearch.
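
The behaviour described in the accepted answer above, modelled as an added Python example (not Splunk code and not part of the original thread). The `Index`, `HistoricalSearch` and `RealTimeSearch` classes, the toy clock and the sample events are all constructed for illustration.

```python
from bisect import bisect_left, bisect_right

WINDOW = 15 * 60  # 15 minutes, in seconds

class Index:
    """Constructed stand-in for an index: events kept sorted by timestamp."""
    def __init__(self):
        self._ts, self._events = [], []

    def add(self, ts, raw):
        pos = bisect_right(self._ts, ts)
        self._ts.insert(pos, ts)
        self._events.insert(pos, raw)

    def between(self, earliest, latest):
        lo = bisect_left(self._ts, earliest)
        hi = bisect_right(self._ts, latest)
        return self._events[lo:hi]

class HistoricalSearch:
    """Time bounds are resolved once, at dispatch; the result is a snapshot."""
    def __init__(self, index, dispatched_at, window=WINDOW):
        self._results = index.between(dispatched_at - window, dispatched_at)

    def results(self, now):
        return list(self._results)  # 'now' is ignored: nothing new is added

class RealTimeSearch:
    """Bounds are relative to the current time, so the window slides forward."""
    def __init__(self, index, window=WINDOW):
        self._index, self._window = index, window

    def results(self, now):
        return self._index.between(now - self._window, now)

def demo():
    idx = Index()
    # Constructed sample events: (seconds on a toy clock, raw text)
    idx.add(100, "failed login user=alice")
    idx.add(700, "failed login user=bob")
    t0 = 900  # both searches are started at this moment
    hist = HistoricalSearch(idx, dispatched_at=t0)
    rt = RealTimeSearch(idx)
    at_start = (hist.results(t0), rt.results(t0))
    idx.add(1200, "failed login user=carol")  # arrives after dispatch
    later = (hist.results(1300), rt.results(1300))
    return at_start, later
```

At the start both searches return the same two events. By clock 1300 the real-time window has picked up the new event and aged out the oldest one, while the historical result is unchanged.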

