| Connected Account | The connected account to use for the request | Connected Account | Yes | |
| Query | Search language string to execute, in Splunk's Search Processing Language | Text (Long) | Yes | |
| Ad hoc search level | | Predefined Choice List | No | |
| Auto-cancel after (seconds) | Seconds after which the search job automatically cancels | Number | No | |
| Auto-finalize after (num events) | Auto-finalize the search after at least this many events are processed | Number | No | |
| Auto pause after (seconds) | Seconds of inactivity after which the search job automatically pauses | Number | No | |
| Earliest index | The earliest index time for the search (inclusive) | Datetime | No | |
| Earliest time | The earliest cut-off for the search (inclusive) | Datetime | No | |
| Exec mode | | Predefined Choice List | No | |
| Indexed real time offset | Seconds of disk sync delay for indexed real-time search | Number | No | |
| Latest index | The latest index time for the search (inclusive) | Datetime | No | |
| Latest time | The latest cut-off for the search (inclusive) | Datetime | No | |
| Max time | Number of seconds to run this search before finalizing. Enter 0 to never finalize | Number | No | |
| Namespace | Application namespace in which to restrict searches | Text (Short) | No | |
| Reduce frequency | How frequently to run the MapReduce reduce phase on accumulated map values | Number | No | |
| Remote server list | Comma-separated list of (possibly wildcarded) servers from which raw events should be pulled. This same server list is to be used in subsearches | Text (Long) | No | |
| Reuse limit (seconds) | Number of seconds ago to check when an identical search is started and return the job’s search ID instead of starting a new job | Number | No | |
| Required field | Name of a required field to add to the search. Even if not referenced or used directly by the search, a required field is still included in events and summary endpoints | Text (Short) | No | |
| Search mode | | Predefined Choice List | No | |
| Status buckets | The most status buckets to generate. Set to 0 generate no timeline information | Number | No | |
| Timeout | Number of seconds to keep this search after processing has stopped | Number | No | |
| Workload pool | New workload pool where the existing running search should be placed | Text (Short) | No | |