addinfo
Here's the translation of the text into English with all formatting preserved:
Description
Adds fields to each record containing general search information: the start and end time boundaries of the search, the start time of the execution, and its ID.
Syntax
| addinfo
| Field | Description |
|---|---|
info_min_time | The start time boundary of the search. |
info_max_time | The end time boundary of the search. |
info_search_time | The start time of the search. |
info_sid | The search ID. |
Query Examples
Example #1
source server_warnings
| addinfo
Example #2
source server_warnings
| addinfo
| rename info_min_time as start, info_max_time as end
Example #3
source server_warnings
| addinfo
| eval start = info_min_time, end = info_max_time