Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

info_search_time vs search_now?

the_wolverine
Champion
‎11-27-2012 03:01 PM

What is the difference between the info_search_time vs search_now fields in my summary data?

Tags (2)
0 Karma
Reply

feorlen
Splunk Employee
Splunk Employee
‎04-11-2013 03:40 PM

info_search_time is the time it actually ran, search_now is when it was scheduled to run. You can sorta kinda see that by looking at info_search_time for addinfo (which is how some fields are generated) but there isn't much documented about the actual contents of the summary events. (I didn't go look at older versions of the docs to see if there was more before the si commands existed.)

Manually configure a search to populate a summary index

Reply
Get Updates on the Splunk Community!

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...