• About Preview
  • About Preview
    • Welcome to Splunk Preview!
    • Installing Splunk Preview
    • Preview license information
    • Important changes in Splunk Preview
    • About Splunk Preview documentation
    • Developers involved
    • Tell us what you think
  • Known Issues in this Preview
    • General issues
    • Windows-specific issues
• New Splunk Web features
  • Changes to Splunk Web
    • Dashboard elements
    • Admin navigation
• New search-related features
  • crawl
    • Use crawl
    • Save a crawl
    • Configure crawl
    • Command syntax
    • Arguments
    • Examples
    • crawl.conf
  • Search command: addinfo
    • Syntax
    • Arguments
    • Examples
  • Search command: collect
    • Syntax
    • Arguments
    • Examples
  • Search command: eventstats
    • Syntax
    • Arguments
    • Examples
  • Search command: makemv
    • Syntax
    • Arguments
    • Examples
  • Search command: mvcombine
    • Syntax
    • Arguments
    • Examples
  • Search command: mvexpand
    • Syntax
    • Arguments
    • Examples
  • Search command: nomv
    • Syntax
    • Arguments
    • Examples
  • Search command: overlap
    • Syntax
    • Arguments
    • Examples
  • Search command: rawstats
    • Syntax
    • Arguments
    • Examples
• New reporting features
  • Summary indexing
    • How summary indexing works
    • Search commands useful to summary indexing
    • How to configure summary indexing
  • Configure summary indexing
    • Set up summary indexing via Splunk Web
    • Configure summary indexing via savedsearches.conf
    • Other configuration files affected by summary indexing
  • Best practices for summary indexing
    • General guidelines for summary indexing
    • Aggregated statistics
    • Gaps and overlaps
• New application and configuration features
  • Applications
    • View and manage applications
    • Browse SplunkBase
  • Indexes
    • View and manage indexes
    • Create new index
  • Configuration file architecture changes
  • Automatic header-based field extraction
    • How automatic header-based field extraction works
    • Configure automatic header-based field extraction
    • Note about search and header-based field extraction
    • Examples
• New Windows features
  • Install Splunk on Windows
    • Start Splunk
    • Install or upgrade license
    • Uninstall Splunk
  • Windows registry input
    • How it works
    • Get a baseline snapshot
    • What to consider
    • Configure Windows registry input
    • Hear from the developers!
  • WMI input
    • Security and remote access considerations
    • Configure WMI input
    • Source and source type for WMI data
    • Hear from the developers!

Search command: addinfo

Summary indexing uses the addinfo command to add fields containing general information about the current search to events going into a summary index. You can also use | addinfo in any search to add general information (about the current search) to the search results. This is useful if you want to build and test searches and reports on search results before using summary indexing.

Currently, addinfo adds the following fields to each result:

• info_min_time: The earliest time bound of the search.
• info_max_time: The latest time bound of the search.
• info_search_id: The query_id of the search that generated the event.
• info_search_time: The search execution time.

Note: The fields that addinfo adds are defined in savedsearches.conf. Currently, you can't customize the fields addinfo adds to the search results.

Syntax

addinfo

Arguments

None.

Examples

Splunk Web:
This example searches Web server data and builds a report based on client IPs. It then adds fields containing general search information to the search results, returns a list sorted by unique IP addresses and by what search each event came from (query_ID).

This example searches Web server data for raw downloads and adds global data to the search results.