Create Search

5 min

description initiates a new search in cisco splunk with the specified output mode, returning the search id for subsequent operations endpoint url services/search/jobs method post inputs parameters (object) output mode (string) – required headers (object) content type (string) data body (object) search (string) output output parameters status code (number) reason (string) json body (object) links (object) origin (string) updated (string) generator (object) build (string) version (string) entry (array) name (string) id (string) updated (string) links (object) alternate (string) search telemetry json (string) search log (string) events (string) results (string) results preview (string) timeline (string) summary (string) control (string) published (string) author (string) content (object) cansummarize (boolean) cursortime (string) defaultsavettl (string) defaultttl (string) delegate (string) diskusage (number) dispatchstate (string) doneprogress (number) dropcount (number) earliesttime (string) eventavailablecount (number) eventcount (number) eventfieldcount (number) eventisstreaming (boolean) eventistruncated (boolean) eventsearch (string) eventsorting (string) indexearliesttime (number) indexlatesttime (number) isbatchmodesearch (boolean) isdone (boolean) iseventspreviewenabled (boolean) isfailed (boolean) isfinalized (boolean) ispaused (boolean) ispreviewenabled (boolean) isrealtimesearch (boolean) isremotetimeline (boolean) issaved (boolean) issavedsearch (boolean) istimecursored (boolean) iszombie (boolean) is prjob (boolean) keywords (string) label (string) latesttime (string) numpreviews (number) optimizedsearch (string) phase0 (string) phase1 (string) pid (string) priority (number) provenance (string) reducesearch (string) remotesearch (string) reportsearch (string) resultcount (number) resultisstreaming (boolean) resultpreviewcount (number) runduration (number) sampleratio (string) sampleseed (string) savedsearchlabel (string) scancount (number) search (string) searchcanbeeventtype (boolean) searchearliesttime (number) searchlatesttime (number) searchtotalbucketscount (number) searchtotaleliminatedbucketscount (number) sid (string) statusbuckets (number) ttl (number) workload action information (string) workload pool (string) performance (object) command eval (object) duration secs (number) invocations (number) input count (number) output count (number) command fields (object) invocations (number) input count (number) output count (number) command noop (object) invocations (number) input count (number) output count (number) command prestats (object) duration secs (number) invocations (number) input count (number) output count (number) command stats (object) invocations (number) input count (number) output count (number) command stats execute input (object) invocations (number) input count (number) output count (number) command stats execute output (object) invocations (number) input count (number) output count (number) command summaryindex (object) invocations (number) input count (number) output count (number) command tstats (object) duration secs (number) invocations (number) input count (number) output count (number) command tstats query tsidx (object) duration secs (number) invocations (number) command where (object) duration secs (number) invocations (number) input count (number) output count (number) dispatch createdsearchresultinfrastructure (object) duration secs (number) invocations (number) dispatch evaluate eval (object) invocations (number) dispatch evaluate fields (object) invocations (number) dispatch evaluate stats (object) invocations (number) dispatch evaluate summaryindex (object) invocations (number) dispatch evaluate tstats (object) duration secs (number) invocations (number) dispatch evaluate where (object) invocations (number) dispatch fetch rcp phase 0 (object) duration secs (number) invocations (number) dispatch finalwritetodisk (object) invocations (number) dispatch localsearch (object) duration secs (number) invocations (number) dispatch stream local (object) duration secs (number) invocations (number) dispatch writestatus (object) duration secs (number) invocations (number) startup configuration (object) duration secs (number) invocations (number) startup handoff (object) duration secs (number) invocations (number) fieldmetadatastatic (object) time (object) type (string) host (object) type (string) groupby rank (string) sourcetype (object) type (string) groupby rank (string) fieldmetadataresults (object) time (object) type (string) host (object) type (string) groupby rank (string) sourcetype (object) type (string) groupby rank (string) messages (array) type (string) text (string) request (object) allow partial results (string) auto cancel (string) auto pause (string) buckets (string) earliest time (string) index earliest (string) index latest (string) indexedrealtime (string) indexedrealtimeminspan (string) indexedrealtimeoffset (string) latest time (string) lookups (string) max count (string) max time (string) reduce freq (string) rt backfill (string) rt maximum span (string) sample ratio (string) spawn process (string) time format (string) ui dispatch app (string) ui dispatch view (string) searchproviders (array) acl (object) perms (object) read (array) write (array) owner (string) modifiable (boolean) sharing (string) app (string) can write (boolean) ttl (string) paging (object) total (number) perpage (number) offset (number) response headers header type date string expires string cache control string content type string x content type options string content length string content encoding string vary string connection string x frame options string server string