I don't see the real time option in the time range picker. I do have queries to search in real time.
The realtime search is a capability set up for roles, and if you don't see that option, it means your current role doesn't have that capability (See this for info on capabilities).
Realtime searches are expensive on resources and in most cases, you can get away with running some more frequent historical searches. What is your requirement for running real-time searches?
I need it to view the linechart updating in realtime.
Thank you for your reply. If I don't have the access, is there any way to view the chart in realtime?
Nopes... Work with your Splunk administrator to get the required access.