Hello, does anyone know what generates realtime searches whose search_id starts with "rt_md"?
I rarely run real time searches but if I look at audit.log, I see a bunch of searches under my username for which is_realtime field is set to 1. Also their search_ids begin with "rt_md".
However, if I do run a real time search and look for its search_id, it starts only with "rt_".
So what are these searches which I never ran but show up as realtime and their search_ids start with "rt_md"?
Hi Arpit. I have been trying to answer the same question and may have an answer for you.
Unfortunately this naming convention is not documented under Dispatch directory and search artifacts:
However, I found some information on the real-time metadata search in this post. It's a query that is embedded in the search app page which automatically retrieves a user's data:
I hope this helps!!
For example, here's a search_id and related search string.
'| metadata type=sourcetypes | search totalCount > 0'
I think "rt_md" stands for real time meta data search.
What is the nature of such searches?