Name | Default value | Description |
| id | | Required. The unique ID for this control. |
| app | The current app | Sets the namespace (the app context) to run in.
For example, let's say your app, MyApp, runs saved searches. By default, all searches are run in the context of your MyApp app. If you try to run a search that is private to the Search app, you'll get an error, so you need to change this "app" property to "search" to successfully run those searches. |
| autostart | true | When true, the manager will automatically start a new job whenever any search properties change or when the page is loaded (the component-loader is called). If false, application code must call startSearch manually to start a search. |
| cache | false | true: Always use the results from a preexisting search job when possible.
false: Never use results from preexisting search jobs.
n: The number of seconds indicating the maximum age a search job can be to use its results. Results from search jobs that are newer than n seconds will be used. |
| cancelOnUnload | true | When true, cancels any running searches when navigating away from the page. |
| owner | The current owner | Sets the namespace (the owner context) to run in. |
| settings | | The properties of the search manager. |
| sid | | The search job ID (SID). |
Name | Description |
| auto_cancel | The number of seconds of inactivity after which to automatically cancel a job. 0 means never auto-cancel. |
| auto_finalize_ec | The number of events to process after which to auto-finalize the search. 0 means no limit. |
| auto_pause | The number of seconds of inactivity after which to automatically pause a job. 0 means never auto-pause. |
| earliest_time | A time string that specifies the earliest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string. For a real-time search, specify "rt". |
| enable_lookups | A Boolean that indicates whether to apply lookups to events. |
| exec_mode | An enum value that indicates the search mode ("blocking", "oneshot", or "normal"). |
| force_bundle_replication | A Boolean that indicates whether this search should cause (and wait depending on the value of "sync_bundle_replication") bundle synchronization with all search peers. |
| id | A string that contains a search ID. If unspecified, a random ID is generated. |
| label | A custom name created for this search. |
| latest_time | A time string that specifies the latest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string. For a real-time search, specify "rt". |
| max_count | The number of events that can be accessible in any given status bucket. |
| max_time | The number of seconds to run this search before finalizing. Specify 0 to never finalize. |
| namespace | A string that contains the application namespace in which to restrict searches. |
| now | A time string that sets the absolute time used for any relative time specifier in the search. |
| preview | Indicates if preview is enabled for this search job. By default, preview is enabled for realtime searches and for searches where status_buckets > 0. Set to false to disable preview. |
| reduce_freq | The number of seconds (frequency) to run the MapReduce reduce phase on accumulated map values. |
| reload_macros | A Boolean that indicates whether to reload macro definitions from the macros.conf configuration file. |
| remote_server_list | A string that contains a comma-separated list of (possibly wildcarded) servers from which to pull raw events. This same server list is used in subsearches. |
| required_field_list | Deprecated. Use "rf" instead. |
| rf | A string that adds one or more required fields to the search. |
| rt_blocking | A Boolean that indicates whether the indexer blocks if the queue for this search is full. For real-time searches. |
| rt_indexfilter | A Boolean that indicates whether the indexer pre-filters events. For real-time searches. |
| rt_maxblocksecs | The number of seconds indicating the maximum time to block. 0 means no limit. For real-time searches with "rt_blocking" set to "true". |
| rt_queue_size | The number indicating the queue size (in events) that the indexer should use for this search. For real-time searches. |
| search | A string that contains the search query. |
| search_listener | A string that registers a search state listener with the search. Use the format: search_state;results_condition;http_method;uri; |
| search_mode | An enum value that indicates the search mode ("normal" or "realtime"). If set to "realtime", searches live data. A real-time search is also specified by setting "earliest_time" and "latest_time" properties to "rt", even if the search_mode is normal or is not set. |
| spawn_process | A Boolean that indicates whether to run the search in a separate spawned process. Searches against indexes must run in a separate process. |
| status_buckets | The maximum number of status buckets to generate. 0 means to not generate timeline information. |
| sync_bundle_replication | A Boolean that indicates whether this search should wait for bundle replication to complete. |
| time_format | A string that specifies the format to use to convert a formatted time string from {start,end}_time into UTC seconds. |
| timeout | The number of seconds to keep this search after processing has stopped. |