addinfo
Description
Adds fields to each record containing general search information: the start and end time boundaries of the search, the time the search started, and the search ID.
Syntax
| addinfo

| Field | Description |
|---|---|
| info_min_time | The start time boundary of the search. |
| info_max_time | The end time boundary of the search. |
| info_search_time | The start time of the search. |
| info_sid | The search ID. |

Query Examples
Example №1
source server_warnings
| addinfo
Example №2
source server_warnings
| addinfo
| rename info_min_time as start, info_max_time as end
Example №3
source server_warnings
| addinfo
| eval start = info_min_time, end = info_max_time