Splunk Cloud Platform

Splunk Cloud Platform Splunk Enterprise Data Management Splunk Observability Cloud Splunk IT Service Intelligence AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings Release Notes and Updates Supported Add-ons Splunk Style Guide

Splunk Cloud Platform Splunk Enterprise Data Management Splunk Observability Cloud Splunk IT Service Intelligence AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings Release Notes and Updates Supported Add-ons Splunk Style Guide

Splunk Cloud Platform

Splunk Cloud Platform Contents

Get Started

Administer

Search

SPL2 Search Reference

addinfo command

addinfo command: Overview, syntax, and usage

Manage Knowledge Objects

Leverage REST APIs

Release Notes

Analytics and Insights

Create Dashboards and Reports

Alert and Respond

Apply Machine Learning

Data Sources

Get Data In

Ingest Data from Cloud Services

Forward and Process Data

Process Data at the Edge

Process Data at Ingest Time

Collect Stream Data

Connect Relational Databases

Common Information Model

InfoSec App for Splunk

OT Intelligence

Using Splunk Mobile

REST API Reference

SPL Search Reference

Splunk Validated Architectures

Developing Views and Apps for Splunk Web

MCP Server for Splunk Platform

addinfo command: Overview, syntax, and usage

The SPL2 addinfo command adds fields to each event. These fields contain global, common information about the search.

The SPL2 addinfo command adds fields to each event. These fields contain global, common information about the search. This command is primarily an internally-used component of Summary Indexing. See Use summary indexing for increased search efficiency

Syntax

The required syntax is in bold.

addinfo

Usage

This command expects events. You can't use this command after an SPL2 command that returns summary information, such as the stats command.

The following fields are added to each event when you use the addinfo command:

info_min_time. The earliest time boundary for the search, in UNIX time.
info_max_time. The latest time boundary for the search, in UNIX time.
info_search_time The time when the search was run, in UNIX time.
info_sid. The ID of the search that generated the event.

See also

addinfo command

addinfo command: Examples

Last updated: January 16, 2026

Explore Topics

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Observability Cloud

Splunk IT Service Intelligence

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

Release Notes and Updates

Supported Add-ons

Splunk Style Guide

©2005-2025 Splunk Inc. All rights reserved.