searchDomain()

API Stability	`Long-Term`

The searchDomain() GraphQL query is used to search a domain (for example the list of internal views, repositories, packages) within LogScale.

Syntax

Below is the syntax for the searchDomain() query field:

graphql

searchDomain(
     name: string!
   ): SearchDomain!

This query field has one input, but the returned datatype has many parameters. See the Returned Datatypes section for details. Below is an example using this query field:

Show:

graphql

query {
  searchDomain(name:"humio")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  searchDomain(name:\"humio\") ^
  {id, name,  ^
   installedPackages { ^
    id, availableUpdate, package{ name } } ^
  } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  searchDomain(name:\"humio\")
  {id, name, 
   installedPackages {
    id, availableUpdate, package{ name } }
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "searchDomain": {
      "id": "aK9GKAsTnMXfRxT8Fpecx3fX",
      "name": "humio",
      "installedPackages": [
        {
          "id": "humio/insights@0.0.14",
          "availableUpdate": null,
          "package": {
            "name": "insights"
          }
        }
      ]
    }
  }
}

Returned Datatypes

The returned datatype searchDomain() has several parameters and sub-parameters. Below is a list of parameters with links to the sub-parameters:

Table: SearchDomain

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 27, 2025
`action`	multiple	yes	`Long-Term`	A saved action. The multiple datatype consists of (id: string): Action. See `Action`.
`actions`	`Action`	yes	`Long-Term`	A list of saved actions. See `Action`.
`aggregateAlert`	multiple	yes	`Long-Term`	A saved aggregate alert. The multiple datatype consists of (id: string): AggregateAlert. See `AggregateAlert`.
`aggregateAlerts`	[`AggregateAlert`]	yes	`Long-Term`	A list of saved aggregate alerts. See `AggregateAlert`.
`alert`	multiple	yes	`Long-Term`	A saved alert. The multiple datatype consists of (id: string): Alert. See `Alert`.
`alerts`	[`Alert`]	yes	`Long-Term`	Saved alerts. See `Alert`.
`allowedViewActions`	[`ViewAction`]	yes	`Long-Term`	Returns the all actions the user is allowed to perform on the view. See `ViewAction`.
`automaticSearch`	boolean	yes	`Long-Term`	Whether to execute automatically the default search query.
`availablePackages`	multiple	yes	`Long-Term`	Returns a list of available packages that can be installed. The multiple datatype consists of (filter: string, tags: [PackageTag], categories: [string]): [PackageRegistrySearchResultItem]. PackageTag is a scalar. See `PackageRegistrySearchResultItem`.
`dashboard`	multiple	yes	`Long-Term`	The default or initial Dashboard to use. The multiple datatype consists of (id: string): Dashboard. See `Dashboard`).
`dashboards`	[`Dashboard`]	yes	`Long-Term`	All dashboards available on the view. See `Dashboard`.
`defaultQuery`	`SavedQuery`	yes	`Long-Term`	The default query used for the search domain when none is selected. See `SavedQuery`.
`deletedDate`	long		`Long-Term`	The point in time the search domain was marked for deletion.
`description`	string		`Long-Term`	A description of the search domain.
`fileFieldSearch`	multiple	yes	`Long-Term`	Used to search fields in a CSV or JSON file. The multiple datatype consists of fileFieldSearch(fileName: string, fieldName: string, prefixFilter: string, valueFilters: [FileFieldFilterType], fieldsToInclude: [string], maxEntries: integer): [[DictionaryEntryType]]. See `FileFieldFilterType` and `DictionaryEntryType`.
`files`	[`File`]	yes	`Long-Term`	Files belonging to the search domain. See `File`.
`filterAlert`	multiple	yes	`Long-Term`	A saved filter alert. The multiple datatype consists of (id: string): FilterAlert. See `FilterAlert`.
`filterAlerts`	[`FilterAlert`]	yes	`Long-Term`	Saved filter alerts. See `FilterAlert`.
`groups`	[`Group`]	yes	`Long-Term`	Groups with assigned roles. See `Group`.
`hasPackageInstalled`	multiple	yes	`Long-Term`	Whether there is an installed package. The multiple datatype consists of (packageId: VersionedPackageSpecifier): boolean. VersionedPackageSpecifier is a scalar.
`id`	string	yes	`Long-Term`	The unique identifier for the search domain.
`installedPackages`	[`PackageInstallation`]	yes	`Long-Term`	List packages installed on a specific view or repository. See `PackageInstallation`.
`interactions`	[`ViewInteraction`]	yes	`Long-Term`	All interactions defined on the view. See `ViewInteraction`.
`isActionAllowed`	multiple	yes	`Long-Term`	Whether the current user is allowed to perform the action. The multiple datatype consists of (action: ViewAction): boolean. See `ViewAction`.
`isStarred`	boolean	yes	`Long-Term`	Whether the search domain is highlighted with a star.
`name`	`RepoOrViewName`	yes	`Long-Term`	The name of the search domain. `RepoOrViewName` is a scalar.
`packageV2`	multiple	yes	`Long-Term`	Returns a specific version of a package given a package version. The multiple datatype consists of (packageId: VersionedPackageSpecifier): Package2. VersionedPackageSpecifier is a scalar value. See `Package2`.
`packageVersions`	multiple	yes	`Long-Term`	The available versions of a package. This is a preview and may be moved to the Package2. The multiple datatype consists of (packageId: UnversionedPackageSpecifier): [RegistryPackageVersionInfo]. UnversionedPackageSpecifier is a scalar. See `RegistryPackageVersionInfo`.
`permanentlyDeletedAt`	long		`Long-Term`	The point in time the search domain will not be restorable anymore.
`recentQueriesV2`	[`RecentQuery`]	yes	`Long-Term`	All recent queries for the search domain. See `RecentQuery`.
`reposExcludedInSearchLimit`	[string]	yes	`Long-Term`	Repositories not part of the search limitation.
`resource`	string	yes	`Short-Term`	The resource identifier for the search domain.
`savedQueries`	[`SavedQuery`]	yes	`Long-Term`	The saved queries. See `SavedQuery`.
`savedQuery`	multiple	yes	`Long-Term`	A saved query. The multiple datatype consists of (id: string): SavedQuery. `SavedQuery`).
`scheduledReport`	multiple	yes	`Long-Term`	A saved scheduled report. The multiple datatype consists of (id: string): ScheduledReport. See `ScheduledReport`.
`scheduledReports`	[`ScheduledReport`]	yes	`Long-Term`	Saved scheduled reports. See `ScheduledReport`.
`scheduledSearch`	multiple	yes	`Long-Term`	A saved scheduled search. The multiple datatype consists of (id: string): ScheduledSearch. See `ScheduledSearch`).
`scheduledSearches`	[`ScheduledSearch`]	yes	`Long-Term`	The scheduled searches to use with the search domain. See `ScheduledSearch`.
`searchLimitedMs`	long		`Long-Term`	Limit in milliseconds to which searches should are limited.
`starredFields`	[string]	yes	`Long-Term`	All fields in the search domain to mark with a star.
`tags`	[string]	yes	`Long-Term`	All tags from all datasources.
`users`	[`User`]	yes	`Long-Term`	Users who have access to the search domain. See `User`.
`usersandgroups`	multiple	yes	`Long-Term`	Users and groups associated with the search domain. The multiple datatype consists of (search: string, skip: integer, limit: integer): UsersAndGroupsSearchResultSet. See `UsersAndGroupsSearchResultSet`.
`usersV2`	multiple	yes	`Preview`	Search users with a given permission, whose email or name matches this search string. The multiple datatype consists of (search: string, permissionFilter: Permission, skip: integer, limit: integer): Users. See `Permission` and `Users`.
`viewerQueryPrefix`	string	yes	`Long-Term`	The query prefix prepended to each search in this domain.

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes

searchDomain()

Syntax

Returned Datatypes

Enter search term