{"id":968,"date":"2026-04-17T07:51:09","date_gmt":"2026-04-17T07:51:09","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-search-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-observability-and-management\/"},"modified":"2026-04-17T07:51:09","modified_gmt":"2026-04-17T07:51:09","slug":"oracle-cloud-search-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-observability-and-management","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-search-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-observability-and-management\/","title":{"rendered":"Oracle Cloud Search Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Observability and Management"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Observability and Management<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Search<\/strong> (often referred to in documentation and the Console as <strong>Resource Search<\/strong>) is an Oracle Cloud Infrastructure (OCI) service that helps you <strong>find, filter, and inventory OCI resources<\/strong> across your tenancy using a query language and APIs.<\/p>\n\n\n\n<p>In simple terms: <strong>Search lets you ask OCI \u201cwhat resources do I have?\u201d<\/strong> and get back an accurate list\u2014instances, VCNs, buckets, databases, load balancers, and more\u2014optionally filtered by compartment, tags, lifecycle state, region, and other metadata.<\/p>\n\n\n\n<p>Technically, Search provides a <strong>query endpoint and a resource index<\/strong> for OCI resource metadata. You submit queries (via Console, CLI, SDK, or REST API) using <strong>Resource Query Language<\/strong> and get structured results. Search is commonly used in <strong>operations and governance<\/strong> workflows: inventory, tag compliance, drift detection, incident response, and cleanup.<\/p>\n\n\n\n<p>The problem it solves: in real environments, resources sprawl across compartments and teams. Listing resources service-by-service is slow and error-prone. <strong>Search provides a centralized, query-driven inventory<\/strong> that supports day-2 operations across OCI.<\/p>\n\n\n\n<blockquote>\n<p>Naming note (important): This article is about <strong>Oracle Cloud (OCI) Search \/ Resource Search<\/strong> in the <strong>Observability and Management<\/strong> category. It is <strong>not<\/strong> log search (OCI Logging Search) and not an application\/content search engine.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Search?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose (in OCI terms)<\/h3>\n\n\n\n<p><strong>Search<\/strong> is a managed OCI service for <strong>discovering resources in your tenancy<\/strong> using structured queries over resource metadata. It returns results such as resource OCIDs, display names, compartments, resource types, and other indexed attributes.<\/p>\n\n\n\n<p>Official docs (start here):<br\/>\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/Concepts\/overview.htm<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Structured search<\/strong> using Resource Query Language (RQL) to find resources by type and attributes.<\/li>\n<li><strong>Free-text search<\/strong> capabilities (where supported) to find resources by keywords.<\/li>\n<li><strong>Tag-based discovery<\/strong> (defined tags and freeform tags) for governance and cost allocation workflows.<\/li>\n<li><strong>Cross-compartment discovery<\/strong> (bounded by IAM permissions).<\/li>\n<li><strong>API\/CLI\/SDK automation<\/strong> to integrate resource discovery into scripts and operational tooling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Search endpoint (API)<\/strong>: REST API to execute structured\/free-text searches.<\/li>\n<li><strong>Query language<\/strong>: Resource Query Language expressions (service-specific syntax).<\/li>\n<li><strong>Resource index<\/strong>: An OCI-managed index of resource metadata (not your data plane content).<\/li>\n<li><strong>Console integration<\/strong>: The OCI Console provides an interactive Search experience.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Managed control-plane service<\/strong> (metadata search and discovery).<\/li>\n<li>Not a customer-managed search cluster and not a document\/content indexing service.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (regional\/global) and tenancy boundaries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search operates <strong>within an OCI tenancy<\/strong> and returns only resources you are authorized to view.<\/li>\n<li>Many OCI resources are <strong>regional<\/strong>, so Search behavior can be region-sensitive. In practice, organizations often run Search queries per region when building a complete inventory.<\/li>\n<li>Exact regional behavior and supported resource types can evolve\u2014<strong>verify the current behavior in official docs<\/strong> and test in your target regions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>Search sits in the \u201coperability\u201d layer:\n&#8211; Works alongside <strong>OCI IAM<\/strong> (authorization boundaries).\n&#8211; Supports governance practices alongside <strong>Tagging<\/strong>, <strong>Audit<\/strong>, <strong>Cloud Guard<\/strong>, and <strong>Security Zones<\/strong>.\n&#8211; Often used by platform teams and SREs as an inventory input to tooling, dashboards, and cleanup jobs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Search?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster inventory and accountability<\/strong>: Identify what exists and who owns it (via tags).<\/li>\n<li><strong>Cost control<\/strong>: Find unused, oversized, or orphaned resources for cleanup.<\/li>\n<li><strong>Reduced risk<\/strong>: Locate exposed resources quickly (for example, public buckets, internet-facing load balancers) and confirm configuration baselines.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Single query interface<\/strong> for multi-service inventory.<\/li>\n<li><strong>Automation-ready<\/strong>: works with OCI CLI\/SDK\/REST for repeatable scripts.<\/li>\n<li><strong>Consistent identifiers<\/strong>: results include OCIDs that can be fed into service-specific APIs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident response<\/strong>: quickly find affected resources by name patterns, tags, or compartment.<\/li>\n<li><strong>Change validation<\/strong>: confirm that a deployment created\/updated resources as expected.<\/li>\n<li><strong>Drift discovery<\/strong>: detect resources that exist outside expected compartments or tag standards.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tag compliance and asset inventory<\/strong>: demonstrate that assets are accounted for and labeled.<\/li>\n<li><strong>Access-aware discovery<\/strong>: Search results reflect IAM permissions, supporting least privilege.<\/li>\n<li><strong>Auditability<\/strong>: Search API calls can be captured through OCI <strong>Audit<\/strong> (verify in your tenancy).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search avoids manual enumeration across many services\/compartments.<\/li>\n<li>Enables centralized inventory at scale (bounded by service limits and indexing behavior).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need <strong>resource inventory<\/strong> across compartments and teams.<\/li>\n<li>You want to <strong>automate governance<\/strong> (tagging, cleanup, ownership).<\/li>\n<li>You need a <strong>control-plane discovery tool<\/strong> for operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need full-text search over <strong>application content<\/strong>, documents, logs, or database rows (use services designed for content\/log analytics).<\/li>\n<li>You need deep configuration assessment and remediation orchestration by itself (Search helps discover resources; other services\/tools handle policy-as-code, posture management, remediation workflows).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Search used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial services<\/strong>: asset inventory, audit preparation, governance enforcement.<\/li>\n<li><strong>Healthcare<\/strong>: compliance inventories, environment separation validation.<\/li>\n<li><strong>SaaS and tech<\/strong>: multi-team cloud platform operations, cost controls.<\/li>\n<li><strong>Public sector<\/strong>: compartment-based segregation and asset reporting.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud platform\/CoE teams<\/li>\n<li>DevOps and SRE teams<\/li>\n<li>Security engineering and GRC teams<\/li>\n<li>FinOps\/cost optimization teams<\/li>\n<li>Application teams (for self-service discovery)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-compartment environments (dev\/test\/prod separation)<\/li>\n<li>Multi-region deployments (DR, latency optimization)<\/li>\n<li>Shared services architectures (hub-and-spoke networks, centralized logging)<\/li>\n<li>Regulated environments with strict tagging and inventory needs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Landing zone \/ multi-account-like compartment design<\/li>\n<li>Microservices platforms with many small resources<\/li>\n<li>Data platforms with buckets, streams, DBs, analytics services<\/li>\n<li>Hybrid environments needing cloud inventory synchronization (CMDB)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production<\/strong>: scheduled inventory reports, compliance scanning, incident response tooling.<\/li>\n<li><strong>Dev\/Test<\/strong>: cleanup scripts to remove resources after labs, PoCs, and ephemeral testing.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic, common ways Oracle Cloud <strong>Search<\/strong> is used in operational environments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Tenancy-wide asset inventory<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need a complete list of OCI resources for reporting or a CMDB.<\/li>\n<li><strong>Why Search fits<\/strong>: One query surface across many resource types and compartments.<\/li>\n<li><strong>Scenario<\/strong>: A platform team runs nightly structured queries and exports results to an internal inventory system.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Tag compliance checks (ownership\/cost center)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Resources are created without required tags.<\/li>\n<li><strong>Why Search fits<\/strong>: Query for resources missing specific defined tags.<\/li>\n<li><strong>Scenario<\/strong>: A FinOps team finds untagged compute instances and asks owners to remediate.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Find orphaned resources after CI\/CD changes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Old load balancers, volumes, or IPs remain after deployments.<\/li>\n<li><strong>Why Search fits<\/strong>: Query by tag, name pattern, or compartment to identify leftovers.<\/li>\n<li><strong>Scenario<\/strong>: After a blue\/green cutover, Search finds resources with <code>environment=blue<\/code> still present.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Incident response: identify blast radius<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A security incident affects a project compartment; you need a list of assets fast.<\/li>\n<li><strong>Why Search fits<\/strong>: Query by compartment and resource types; pivot using OCIDs.<\/li>\n<li><strong>Scenario<\/strong>: Security queries for all public-facing endpoints in a compromised compartment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Cleanup of Always Free \/ lab environments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Students or engineers leave resources running.<\/li>\n<li><strong>Why Search fits<\/strong>: Query for resources with lab tags or naming conventions.<\/li>\n<li><strong>Scenario<\/strong>: A nightly job finds instances tagged <code>owner=training<\/code> older than X days and flags them for deletion.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Migration readiness: verify resource counts pre\/post move<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You moved workloads to a new compartment\/region; need validation.<\/li>\n<li><strong>Why Search fits<\/strong>: Compare query results before and after migration.<\/li>\n<li><strong>Scenario<\/strong>: An architect validates all required resources exist in the target compartment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Governance: detect resources in wrong compartments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Teams create resources in the root compartment or shared compartments.<\/li>\n<li><strong>Why Search fits<\/strong>: Query by compartmentId and resource types; report violations.<\/li>\n<li><strong>Scenario<\/strong>: A policy requires all app resources to be under <code>App-Prod<\/code>; Search finds exceptions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Network operations: locate networking objects by naming patterns<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Troubleshooting depends on finding the right VCN\/subnet\/NSG quickly.<\/li>\n<li><strong>Why Search fits<\/strong>: Search for network resources by displayName patterns and compartment.<\/li>\n<li><strong>Scenario<\/strong>: An SRE finds a subnet by matching <code>subnet-*prod*<\/code> in a hub VCN.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Cost optimization: find unattached block volumes or reserved public IPs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Unattached storage and reserved IPs can generate cost (service-dependent).<\/li>\n<li><strong>Why Search fits<\/strong>: Query for resource types\/states that indicate \u201cunused.\u201d<\/li>\n<li><strong>Scenario<\/strong>: Monthly report enumerates unattached volumes for approval and cleanup.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Audit preparation: evidence of inventory and classification<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Auditors request evidence that assets are inventoried and classified.<\/li>\n<li><strong>Why Search fits<\/strong>: Exportable query-based inventory with tag classification.<\/li>\n<li><strong>Scenario<\/strong>: Compliance produces a report of all databases labeled with <code>data_classification=restricted<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Posture checking: locate internet-facing resources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Security needs to identify potentially exposed resources.<\/li>\n<li><strong>Why Search fits<\/strong>: Query resource types that can be public (for example, public IPs, LBs) and validate attributes.<\/li>\n<li><strong>Scenario<\/strong>: A weekly review finds internet-facing load balancers not in approved compartments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Platform engineering: discover resources for automation targeting<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A script needs to apply configuration to a dynamic set of resources.<\/li>\n<li><strong>Why Search fits<\/strong>: Search provides a dynamic set of OCIDs to feed into automation.<\/li>\n<li><strong>Scenario<\/strong>: A script finds all instances with tag <code>patch_group=linux-prod<\/code> and triggers patch orchestration.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Feature availability and exact query syntax can change; validate with the official docs for your region and tenancy.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">6.1 Structured search (Resource Query Language)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Allows precise queries for resources by type and metadata fields.<\/li>\n<li><strong>Why it matters<\/strong>: Structured queries are predictable, automatable, and script-friendly.<\/li>\n<li><strong>Practical benefit<\/strong>: Build repeatable inventory checks like \u201call instances in prod compartments missing an owner tag.\u201d<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Requires learning the query language.<\/li>\n<li>Results depend on indexing timeliness (there can be delays between creation and discoverability).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.2 Free-text search (where supported)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Searches by keywords across certain indexed fields.<\/li>\n<li><strong>Why it matters<\/strong>: Faster for interactive exploration when you don\u2019t know the exact field.<\/li>\n<li><strong>Practical benefit<\/strong>: Find a resource by a partial display name or tag value.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Typically less precise than structured search.<\/li>\n<li>May not support complex conditions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.3 Search across compartments (permission-aware)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Search can return resources across compartments you can access.<\/li>\n<li><strong>Why it matters<\/strong>: Most organizations use compartments for isolation; operations needs cross-compartment visibility.<\/li>\n<li><strong>Practical benefit<\/strong>: Platform teams can inventory across all application compartments.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li><strong>IAM controls<\/strong> what you can see; Search does not bypass authorization.<\/li>\n<li>Some orgs intentionally limit cross-compartment visibility.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.4 Tag-aware discovery (defined tags and freeform tags)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Enables queries that filter on tags for ownership, environment, cost center, etc.<\/li>\n<li><strong>Why it matters<\/strong>: Tags are the foundation of governance, cost allocation, and automation targeting.<\/li>\n<li><strong>Practical benefit<\/strong>: Find all resources belonging to \u201cteam-a\u201d or \u201cprod\u201d.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Tag indexing may not be immediate.<\/li>\n<li>Tag key naming and namespaces must be consistent for good results.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.5 API access (REST) and automation (CLI\/SDK)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides API-driven search suitable for scripts and systems integration.<\/li>\n<li><strong>Why it matters<\/strong>: Repeatable governance and operational workflows depend on automation.<\/li>\n<li><strong>Practical benefit<\/strong>: Nightly reports, cleanup scripts, and inventory exports.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Service limits and rate limits apply.<\/li>\n<li>Authentication requires correct IAM policies and API signing.<\/li>\n<\/ul>\n\n\n\n<p>API reference (Search):<br\/>\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/api\/#\/en\/search\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6.6 Console experience for interactive operations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Allows operators to search without writing code.<\/li>\n<li><strong>Why it matters<\/strong>: Useful during incidents and interactive investigations.<\/li>\n<li><strong>Practical benefit<\/strong>: Quickly find a resource by name and jump to its details page.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Console experience may differ slightly from CLI\/SDK options.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.7 Result metadata: OCIDs and resource identifiers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Returns resource OCIDs and metadata fields useful for follow-up actions.<\/li>\n<li><strong>Why it matters<\/strong>: OCID is the universal identifier to call service-specific APIs.<\/li>\n<li><strong>Practical benefit<\/strong>: Pipe Search results into automation that modifies or validates resources.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Returned fields vary by resource type.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.8 Pagination and sorting behaviors (API-level)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports pagination over large result sets.<\/li>\n<li><strong>Why it matters<\/strong>: Real tenancies can have tens of thousands of resources.<\/li>\n<li><strong>Practical benefit<\/strong>: Build robust inventory pipelines.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>You must implement pagination logic in scripts.<\/li>\n<li>Verify any ordering guarantees in official docs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>At a high level, Search is a <strong>control-plane discovery service<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>OCI services (Compute, Networking, Object Storage, etc.) emit\/maintain control-plane metadata.<\/li>\n<li>Search maintains a <strong>managed index<\/strong> of resource metadata.<\/li>\n<li>Users and automation submit queries to the <strong>Search endpoint<\/strong>.<\/li>\n<li>Search returns results (resource identifiers + selected metadata), constrained by <strong>IAM authorization<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control flow<\/strong>: Your identity (user or dynamic group) authenticates via IAM \u2192 calls Search API.<\/li>\n<li><strong>Data flow<\/strong>: Query \u2192 Search index lookup \u2192 results returned.<\/li>\n<li><strong>Follow-up<\/strong>: Use returned OCIDs to call the underlying service APIs (Compute, Network, etc.) for deeper details or actions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related OCI services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IAM<\/strong>: Policies and compartment boundaries determine visibility.<\/li>\n<li><strong>Audit<\/strong>: Search API calls can be audited (verify your Audit configuration and retention).<\/li>\n<li><strong>Tagging<\/strong>: Tags are commonly used as search filters and governance controls.<\/li>\n<li><strong>Events \/ Functions \/ DevOps<\/strong> (pattern-based): Use Search to discover targets, then run actions via Functions or pipelines.<\/li>\n<li><strong>Monitoring\/Logging<\/strong>: Not a direct metric-heavy service by itself; teams often monitor the automation using Logging\/Monitoring around the scripts that call Search.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> (authentication and authorization)<\/li>\n<li>Underlying OCI service control planes that publish resource metadata<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uses standard OCI request signing (API keys) for users, or instance principal \/ resource principal for workloads (depending on your environment).<\/li>\n<li>Authorization is enforced via IAM policies at tenancy\/compartment scope.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search is accessed via OCI public service endpoints (typical OCI API model).<\/li>\n<li>If you require private access patterns, evaluate OCI networking options (for example, private endpoints where applicable) and <strong>verify in official docs<\/strong> whether Search supports specific private access mechanisms in your region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track Search usage via <strong>Audit<\/strong> for compliance.<\/li>\n<li>For automated inventory jobs, log query executions, result counts, and error codes to <strong>OCI Logging<\/strong>.<\/li>\n<li>Apply <strong>tag governance<\/strong> so Search results can be sliced reliably by owner\/environment\/cost center.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[Operator \/ Script] --&gt;|Console \/ CLI \/ SDK| API[OCI Search API Endpoint]\n  API --&gt; IDX[Managed Resource Metadata Index]\n  IDX --&gt; API\n  API --&gt; R[Search Results: OCIDs + metadata]\n  R --&gt; SVC[Follow-up calls to OCI services\\n(Compute, Network, Storage, DB)]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Tenancy[OCI Tenancy]\n    subgraph Regions[Multiple OCI Regions]\n      API1[Search API (Region A)]\n      API2[Search API (Region B)]\n    end\n\n    subgraph Ops[Operations &amp; Governance Tooling]\n      CRON[Scheduled Inventory Job\\n(Functions\/Compute\/CI Runner)]\n      LOG[OCI Logging]\n      MON[OCI Monitoring]\n      TKT[Ticketing \/ ChatOps\\n(external)]\n      CMDB[Inventory DB \/ CMDB\\n(external)]\n    end\n\n    IAM[IAM Policies\\n&amp; Dynamic Groups]\n    AUD[OCI Audit]\n    TAG[Tagging Standards\\n(Defined Tags)]\n  end\n\n  CRON --&gt;|Assume principal\\n(API signing)| IAM\n  CRON --&gt;|Structured queries| API1\n  CRON --&gt;|Structured queries| API2\n  CRON --&gt;|Write logs| LOG\n  CRON --&gt;|Custom metrics (optional)| MON\n  CRON --&gt;|Export inventory| CMDB\n  CRON --&gt;|Create issues| TKT\n  API1 --&gt; AUD\n  API2 --&gt; AUD\n  TAG --&gt;|Used as filters| API1\n  TAG --&gt;|Used as filters| API2\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy\/account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud (OCI) tenancy<\/strong><\/li>\n<li>Access to the OCI Console<\/li>\n<li>Ability to create\/read resources in at least one compartment (for the lab)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM<\/h3>\n\n\n\n<p>You need:\n&#8211; Permission to <strong>use Search<\/strong> and to <strong>read the resources<\/strong> you intend to find.\n&#8211; In OCI, Search results are constrained by what your identity is authorized to see.<\/p>\n\n\n\n<p>Because IAM policy syntax and required verbs can vary by organization and service evolution, use the official IAM guidance for Search and test with least privilege:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search documentation (overview and related topics):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/Concepts\/overview.htm<\/li>\n<\/ul>\n\n\n\n<p>If you cannot see expected resources:\n&#8211; Confirm you have <code>read<\/code>\/<code>inspect<\/code> permissions in the relevant compartments for the resource types.\n&#8211; Confirm no policy denies or restricts access.\n&#8211; <strong>Verify required Search permissions in official docs<\/strong> for your tenancy setup.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search itself is typically not a separately billed \u201cmetered\u201d resource, but always confirm in pricing docs (see Pricing section).<\/li>\n<li>The lab can be designed to use mostly free control-plane resources (like VCN and tags), but always validate cost implications in your region and account.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools (choose one)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Console (web UI)<\/li>\n<li>OCI CLI (recommended for the hands-on lab):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<li>Optional: OCI SDK (Python\/Java\/Go, etc.) if automating<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search is broadly available across OCI regions, but regional feature parity can vary. <strong>Verify region support<\/strong> in official docs for any regulated or specialty region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>API rate limits and pagination limits apply.<\/li>\n<li>If you plan tenancy-wide inventory at scale, design around pagination and rate limiting.<\/li>\n<li>Verify service limits here (general OCI limits entry point):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/General\/Concepts\/servicelimits.htm<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (for this tutorial)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IAM (users\/groups\/policies) to authenticate<\/li>\n<li>One compartment and at least one resource to search for (we\u2019ll create a VCN and tags)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing model (what to expect)<\/h3>\n\n\n\n<p>Oracle Cloud <strong>Search<\/strong> is a control-plane discovery capability. Oracle typically does <strong>not<\/strong> list Search as a separately priced, metered service in the way compute\/storage are priced. In many OCI setups, using Search does not incur a standalone line-item charge.<\/p>\n\n\n\n<p>However:\n&#8211; Pricing and entitlements can change.\n&#8211; Some costs are indirect (automation runtime, logging, data egress).\n&#8211; Always validate using official Oracle pricing sources.<\/p>\n\n\n\n<p>Start with:\n&#8211; Oracle Cloud Pricing landing page: https:\/\/www.oracle.com\/cloud\/pricing\/\n&#8211; OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/p>\n\n\n\n<p>If Search has a dedicated pricing page for your tenancy\/region, use that as the source of truth. If it is not listed, treat it as \u201cincluded\u201d but <strong>verify in official docs\/pricing<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions to consider<\/h3>\n\n\n\n<p>Even when Search is not directly billed, you should plan for:\n&#8211; <strong>API call volume<\/strong>: may be limited by rate limits (not cost), but impacts automation reliability.\n&#8211; <strong>Automation compute<\/strong>: where your scheduled inventory scripts run (Compute, Functions, containers).\n&#8211; <strong>Logging\/Monitoring<\/strong>: storing job logs, metrics, and alerts.\n&#8211; <strong>Data export\/storage<\/strong>: storing inventory snapshots in Object Storage or a database.\n&#8211; <strong>Cross-region iteration<\/strong>: querying multiple regions can increase runtime and associated costs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<p>OCI has an Always Free tier for some services, but eligibility and specifics vary by region and program updates. Search usage itself is generally not a \u201cresource\u201d you provision.<br\/>\n<strong>Verify Always Free details<\/strong>: https:\/\/www.oracle.com\/cloud\/free\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Main cost drivers (practical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Running inventory jobs too frequently (every minute instead of daily\/hourly).<\/li>\n<li>Exporting large inventories and storing long history without lifecycle policies.<\/li>\n<li>Excessive logging verbosity for scheduled jobs.<\/li>\n<li>Using paid compute shapes to run simple queries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data transfer<\/strong>: If you export results to systems outside OCI or across regions, network egress may apply.<\/li>\n<li><strong>Downstream API calls<\/strong>: Search results often lead to additional API calls (Compute\/Network) for deeper inspection, increasing automation runtime.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use Search as the first-pass filter; only call downstream APIs for resources that match.<\/li>\n<li>Run inventory at a reasonable cadence (daily or a few times per day) unless you truly need near-real-time.<\/li>\n<li>Store inventory snapshots with Object Storage lifecycle rules (archive\/delete old data).<\/li>\n<li>Keep logs structured and concise; retain only what you need.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated prices)<\/h3>\n\n\n\n<p>A low-cost approach typically includes:\n&#8211; OCI CLI script run on a small runner (or your workstation)\n&#8211; One daily Search query per region\n&#8211; Export results to a small Object Storage bucket with lifecycle policy<\/p>\n\n\n\n<p>Costs depend on:\n&#8211; Where the script runs (your laptop vs OCI compute)\n&#8211; Storage used for exports\n&#8211; Network egress if exporting off-cloud<\/p>\n\n\n\n<p>Because actual numbers vary by region and pricing updates, use:\n&#8211; OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, you might run:\n&#8211; Hourly inventory in multiple regions\n&#8211; Exports to Object Storage + a database\n&#8211; SIEM integration\n&#8211; More detailed downstream API enrichment<\/p>\n\n\n\n<p>Cost focus areas:\n&#8211; Automation runtime\n&#8211; Data retention and storage class\n&#8211; SIEM ingestion fees (often external)\n&#8211; Network egress (if exporting outside OCI)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab walks you through using <strong>Oracle Cloud Search<\/strong> to find resources by <strong>type<\/strong> and <strong>tags<\/strong>, using both the <strong>OCI Console<\/strong> and <strong>OCI CLI<\/strong>. The lab is designed to be low-risk and low-cost by using primarily control-plane resources (VCN and tags). Always confirm any cost implications in your tenancy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a small, identifiable resource (a VCN) and tag it.<\/li>\n<li>Use <strong>Search<\/strong> to find the resource:\n   &#8211; In the OCI Console\n   &#8211; Using the OCI CLI structured search command<\/li>\n<li>Validate results and learn common troubleshooting steps.<\/li>\n<li>Clean up created resources.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n&#8211; (Optional) Create a dedicated compartment for the lab\n&#8211; Create a <strong>tag namespace<\/strong> and <strong>defined tag<\/strong>\n&#8211; Create a <strong>VCN<\/strong> (Virtual Cloud Network) and apply the defined tag\n&#8211; Query Search using:\n  &#8211; Console Search\n  &#8211; CLI structured search\n&#8211; Clean up: delete the VCN and tags\/compartment (if created)<\/p>\n\n\n\n<blockquote>\n<p>If you do not have permission to create compartments or tag namespaces, you can still complete most of the lab by:\n&#8211; Using an existing compartment\n&#8211; Using freeform tags (if allowed), or skipping tag creation and searching by resource type\/name<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Confirm region and select (or create) a compartment<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Option A (recommended): Create a lab compartment (requires elevated permissions)<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console, open the navigation menu.<\/li>\n<li>Go to <strong>Identity &amp; Security<\/strong> \u2192 <strong>Compartments<\/strong>.<\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<li>Name it: <code>lab-search<\/code><\/li>\n<li>Description: <code>Lab compartment for Search tutorial<\/code><\/li>\n<li>Choose the parent compartment (often the root compartment).<\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A new compartment <code>lab-search<\/code> exists and is in <strong>Active<\/strong> state.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Option B: Use an existing compartment<\/h4>\n\n\n\n<p>Pick a compartment where you have permission to create networking resources.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; You can open the compartment and view its OCID (useful later).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a defined tag (namespace + key)<\/h3>\n\n\n\n<p>Defined tags are best practice for governance because they are consistent and centrally managed.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Governance &amp; Administration<\/strong> \u2192 <strong>Tag Namespaces<\/strong> (wording may vary by Console layout).<\/li>\n<li>Click <strong>Create Tag Namespace<\/strong>:\n   &#8211; Name: <code>Lab<\/code>\n   &#8211; Description: <code>Lab tags for Search tutorial<\/code><\/li>\n<li>Open the <code>Lab<\/code> namespace and click <strong>Create Tag Key<\/strong>:\n   &#8211; Tag Key Name: <code>Project<\/code>\n   &#8211; (If there is a choice for value type, pick a simple string type if prompted; exact options may vary\u2014<strong>verify in Console<\/strong>.)<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You have a defined tag <code>Lab.Project<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; You can see the namespace and key listed in the Console.<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; If you don\u2019t have permission: you may see authorization errors. In that case:\n  &#8211; Skip defined tags and use <strong>freeform tags<\/strong> later, or\n  &#8211; Ask an admin to create the namespace\/key and grant you permission to use it.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a VCN and apply the tag<\/h3>\n\n\n\n<p>A VCN is a good lab resource because it\u2019s common, easy to identify, and typically low cost (confirm pricing in your environment).<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Networking<\/strong> \u2192 <strong>Virtual Cloud Networks<\/strong>.<\/li>\n<li>Ensure you\u2019re in the correct compartment (for example, <code>lab-search<\/code>).<\/li>\n<li>Click <strong>Create VCN<\/strong>.<\/li>\n<li>Choose <strong>VCN with Internet Connectivity<\/strong> or <strong>VCN with Custom CIDR<\/strong> (either is fine for search purposes).<\/li>\n<li>Name: <code>vcn-search-lab<\/code><\/li>\n<li>When prompted for tags:\n   &#8211; <strong>Defined tags<\/strong>: set <code>Lab.Project = search-tutorial<\/code>\n   &#8211; (Optional) <strong>Freeform tags<\/strong>: <code>purpose=search-lab<\/code><\/li>\n<li>Create the VCN.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; VCN <code>vcn-search-lab<\/code> exists.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open the VCN details page and confirm:\n  &#8211; Display name\n  &#8211; Compartment\n  &#8211; Tags applied<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Use Search in the OCI Console<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Search<\/strong> in the OCI Console navigation menu (Observability &amp; Management category placement can vary by Console).<\/li>\n<li>Use a structured search query to find the VCN.<\/li>\n<\/ol>\n\n\n\n<p><strong>Example queries (validate syntax in your Console help)<\/strong>\nTry one of the following patterns:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>By resource type (VCN):<\/li>\n<li><code>query vcn resources<\/code><\/li>\n<li>By tag (defined tag):<\/li>\n<li><code>query vcn resources where definedTags.namespace = 'Lab'<\/code><\/li>\n<li>By tag key\/value (typical intent):<\/li>\n<li><code>query vcn resources where definedTags.Lab.Project = 'search-tutorial'<\/code><\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>Query syntax can be strict (quoting, field names, capitalization). If a query errors, use the Console\u2019s query hints\/help, and cross-check the official docs:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/Concepts\/overview.htm<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The results list includes <code>vcn-search-lab<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Click the result and confirm it links to the correct VCN OCID\/details.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Use Search with OCI CLI (structured search)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">5.1 Install and configure OCI CLI (if not already)<\/h4>\n\n\n\n<p>Follow the official installation guide:<br\/>\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/p>\n\n\n\n<p>After installation, configure:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci setup config\n<\/code><\/pre>\n\n\n\n<p>You\u2019ll need:\n&#8211; Tenancy OCID\n&#8211; User OCID\n&#8211; Region\n&#8211; API key (generated and uploaded to your user)<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; <code>~\/.oci\/config<\/code> exists and CLI commands authenticate successfully.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\nTry:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci iam region list --output table\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">5.2 Run a structured search query<\/h4>\n\n\n\n<p>The OCI CLI includes Search commands. The exact command group can vary by CLI version, but commonly follows this pattern:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci search resource structured-search --query-text \"query vcn resources\"\n<\/code><\/pre>\n\n\n\n<p>If you want to narrow by compartment, you can either:\n&#8211; Add a <code>where<\/code> clause (if supported by your query syntax), and\/or\n&#8211; Filter locally after retrieval<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The command returns JSON including matching VCNs.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\nLook for:\n&#8211; <code>display-name<\/code> or <code>displayName<\/code> matching <code>vcn-search-lab<\/code>\n&#8211; <code>identifier<\/code> or <code>ocid<\/code> of the VCN<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">5.3 Useful CLI output formatting<\/h4>\n\n\n\n<p>To view in a table-like form, you can use <code>--query<\/code> (JMESPath) and <code>--output table<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci search resource structured-search \\\n  --query-text \"query vcn resources\" \\\n  --query \"data.items[].{name:\\\"display-name\\\", ocid:identifier, compartment:compartment-id}\" \\\n  --output table\n<\/code><\/pre>\n\n\n\n<blockquote>\n<p>Field names in CLI output can vary (hyphenated vs camelCase). If this query fails, run without <code>--query<\/code> first and inspect the returned structure.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6 (Optional): Automate with Python SDK (mini example)<\/h3>\n\n\n\n<p>If you prefer SDK-based automation, OCI provides SDKs. Python example (verify module names with current SDK docs):<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install SDK:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">python3 -m pip install oci\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Create <code>search_vcn.py<\/code>:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-python\">import oci\nfrom oci.resource_search import ResourceSearchClient\nfrom oci.resource_search.models import StructuredSearchDetails\n\nconfig = oci.config.from_file()  # reads ~\/.oci\/config\nclient = ResourceSearchClient(config)\n\nquery = \"query vcn resources\"\ndetails = StructuredSearchDetails(query=query)\n\nresp = client.search_resources(details)\n\nfor item in resp.data.items:\n    # item fields vary by resource type; display_name is commonly present\n    print(item.display_name, item.identifier, item.compartment_id)\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Run:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">python3 search_vcn.py\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Prints VCN display names and OCIDs, including <code>vcn-search-lab<\/code>.<\/p>\n\n\n\n<blockquote>\n<p>If imports fail, check the current OCI Python SDK docs and Search API model names. SDK packages evolve\u2014<strong>verify in official SDK docs<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>VCN exists<\/strong> and has tags:\n   &#8211; Console \u2192 Networking \u2192 VCNs \u2192 <code>vcn-search-lab<\/code><\/li>\n<li><strong>Console Search finds it<\/strong>:\n   &#8211; Search results include <code>vcn-search-lab<\/code><\/li>\n<li><strong>CLI Search finds it<\/strong>:\n   &#8211; <code>oci search resource structured-search --query-text \"query vcn resources\"<\/code> returns it<\/li>\n<li><strong>IAM constraints behave as expected<\/strong>:\n   &#8211; If you remove access to the compartment (in a test environment), it should no longer appear<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Problem: \u201cNotAuthorizedOrNotFound\u201d or empty results<\/h4>\n\n\n\n<p>Likely causes:\n&#8211; You don\u2019t have permission to read the target compartment\/resources.\n&#8211; You are searching in a region where the resource doesn\u2019t exist (for regional resources).\n&#8211; The resource was created recently and is not yet indexed.<\/p>\n\n\n\n<p>Fixes:\n&#8211; Confirm IAM policies for your group.\n&#8211; Confirm the Console\/CLI region setting.\n&#8211; Wait a few minutes and retry (indexing delay), then verify in official docs whether indexing is near-real-time.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Problem: Query syntax errors<\/h4>\n\n\n\n<p>Likely causes:\n&#8211; Incorrect field names or quoting.\n&#8211; Using a tag field format not supported in your tenancy\/CLI version.<\/p>\n\n\n\n<p>Fixes:\n&#8211; Start with a minimal query: <code>query vcn resources<\/code>\n&#8211; Then add one filter at a time.\n&#8211; Use official query language references (Search docs):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/Concepts\/overview.htm<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Problem: CLI <code>--query<\/code> JMESPath errors<\/h4>\n\n\n\n<p>Likely causes:\n&#8211; Output field names differ from what you assumed.<\/p>\n\n\n\n<p>Fix:\n&#8211; Run the command without <code>--query<\/code>, inspect the JSON fields, then adjust.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Problem: You can find the resource in the service page but not via Search<\/h4>\n\n\n\n<p>Possible causes:\n&#8211; Index lag\n&#8211; Region mismatch\n&#8211; Resource type not indexed the way you expect (rare but possible)<\/p>\n\n\n\n<p>Fix:\n&#8211; Verify indexing behavior and supported resource types in official docs.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid clutter (and potential costs in broader labs), clean up what you created.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p>Delete the VCN:\n   &#8211; Console \u2192 Networking \u2192 Virtual Cloud Networks\n   &#8211; Select <code>vcn-search-lab<\/code> \u2192 <strong>Terminate<\/strong> \/ <strong>Delete<\/strong> (Console wording varies)\n   &#8211; If deletion fails due to dependencies, delete dependent resources first (subnets, gateways, route tables, etc.), or use the VCN delete workflow that removes dependencies.<\/p>\n<\/li>\n<li>\n<p>Delete the defined tag key\/namespace (optional):\n   &#8211; Governance &amp; Administration \u2192 Tag Namespaces\n   &#8211; Remove tag keys, then the namespace<br\/>\n   &#8211; Some organizations restrict tag deletion; follow your governance process.<\/p>\n<\/li>\n<li>\n<p>Delete the compartment (optional, if created):\n   &#8211; Identity \u2192 Compartments \u2192 <code>lab-search<\/code> \u2192 <strong>Delete<\/strong>\n   &#8211; Note: compartment deletion in OCI typically requires all resources inside to be deleted first and may take time.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat Search as your <strong>inventory front door<\/strong>, but keep authoritative configuration checks with service-specific APIs or policy tooling.<\/li>\n<li>For multi-region inventories, design a <strong>region iteration loop<\/strong> and merge results.<\/li>\n<li>Store inventory snapshots with timestamps for trend analysis and audit evidence.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>least privilege<\/strong>:<\/li>\n<li>Grant read access only to compartments\/resource families needed.<\/li>\n<li>Avoid tenancy-wide read unless the role truly requires it (platform ops, security).<\/li>\n<li>Prefer <strong>dynamic groups + instance principals<\/strong> for scheduled inventory jobs running on OCI.<\/li>\n<li>Audit who is running broad queries across the tenancy (Audit + internal controls).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Don\u2019t run inventory too frequently.<\/li>\n<li>Export only the fields you need (reduce downstream processing).<\/li>\n<li>Apply lifecycle policies to inventory exports in Object Storage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use structured queries that narrow results early (resource type + filters).<\/li>\n<li>Implement pagination and backoff in scripts.<\/li>\n<li>Cache results for interactive tools when appropriate (with clear staleness expectations).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat Search as a dependency: handle API errors and timeouts gracefully.<\/li>\n<li>Implement retries with exponential backoff.<\/li>\n<li>For scheduled jobs, track last successful run and alert on failures.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log every inventory run:<\/li>\n<li>query text (or a hashed identifier if sensitive)<\/li>\n<li>region<\/li>\n<li>result count<\/li>\n<li>duration<\/li>\n<li>errors<\/li>\n<li>Version-control your query set (queries-as-code).<\/li>\n<li>Use consistent naming\/tagging standards so queries remain stable.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standardize defined tag namespaces (Owner, CostCenter, Environment, DataClassification).<\/li>\n<li>Require tags via policy\/guidance and monitor compliance via Search queries.<\/li>\n<li>Use consistent resource naming conventions; even basic prefixing makes free-text discovery easier.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search uses <strong>OCI IAM<\/strong> for authentication and authorization.<\/li>\n<li>Users\/scripts can only see resources they are allowed to read\/inspect.<\/li>\n<li>Broad inventory access can be sensitive; treat it like a privileged capability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search is a managed control-plane service; transport security is via HTTPS to OCI endpoints.<\/li>\n<li>For any exported inventory data you store (Object Storage, DB), enable encryption (default encryption is typical in OCI storage services; verify settings and requirements).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search API endpoints are typically accessed over OCI public endpoints.<\/li>\n<li>If you have strict network controls:<\/li>\n<li>Run automation within OCI and restrict outbound access.<\/li>\n<li>Review OCI guidance for private access patterns and verify Search endpoint support in your region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid embedding API keys in code repositories.<\/li>\n<li>Use instance principals\/dynamic groups where possible for OCI-native automation.<\/li>\n<li>If you must use API keys:<\/li>\n<li>store securely (vault\/secret manager)<\/li>\n<li>rotate keys<\/li>\n<li>restrict user permissions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>OCI Audit<\/strong> to track Search API usage (verify Audit coverage for Search actions in your tenancy).<\/li>\n<li>Log inventory job operations to OCI Logging with retention rules.<\/li>\n<li>Keep exported inventories protected; inventories can reveal sensitive topology and asset names.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Inventory data can be sensitive (asset lists, naming conventions, compartment structure).<\/li>\n<li>Apply access controls and retention policies to exported data.<\/li>\n<li>In regulated environments, treat inventories as part of your security evidence and protect accordingly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Granting tenancy-wide read access to broad groups \u201cfor convenience.\u201d<\/li>\n<li>Exporting inventories to public buckets or unsecured external endpoints.<\/li>\n<li>Storing API keys in plaintext on shared servers.<\/li>\n<li>Treating Search results as complete security posture assessment (it\u2019s discovery, not full posture evaluation).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a dedicated automation identity with least privilege.<\/li>\n<li>Segment compartments and restrict who can run tenancy-wide queries.<\/li>\n<li>Store exports in private buckets with strict IAM and audit logging.<\/li>\n<li>Document and review your inventory queries as part of change control.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because OCI services evolve, confirm current specifics in official docs. Common gotchas include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Indexing delay<\/strong>: New or updated resources might not appear instantly.<\/li>\n<li><strong>Region sensitivity<\/strong>: Some resources are regional; an inventory may require querying multiple regions.<\/li>\n<li><strong>IAM visibility constraints<\/strong>: If you can\u2019t see it, Search won\u2019t return it.<\/li>\n<li><strong>Query language strictness<\/strong>: Field names and quoting must match the query language requirements.<\/li>\n<li><strong>Pagination<\/strong>: Large tenancies require pagination logic; otherwise you will only see a subset.<\/li>\n<li><strong>Resource coverage<\/strong>: Not every attribute of every service is necessarily searchable; Search targets key metadata fields.<\/li>\n<li><strong>Console vs API differences<\/strong>: Console convenience features may not map 1:1 to API parameters.<\/li>\n<li><strong>Unexpected empties<\/strong>: Often caused by compartment scope, region selection, or missing permissions.<\/li>\n<li><strong>Downstream enrichment costs<\/strong>: Using Search to find resources then calling many service APIs can increase runtime and operational overhead.<\/li>\n<li><strong>Tag inconsistencies<\/strong>: Poor tag hygiene makes Search results unreliable for governance.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Search is best compared to other <strong>cloud resource discovery<\/strong> services and to inventory\/CMDB approaches.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Alternatives inside Oracle Cloud<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Resource Manager (Terraform)<\/strong> state as inventory (only what Terraform manages)<\/li>\n<li><strong>OCI Cloud Guard<\/strong> (security posture, detectors, problems; not a generic inventory query engine)<\/li>\n<li><strong>OCI Logging Search<\/strong> (search within logs; different domain)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Alternatives in other clouds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS Resource Explorer<\/strong> (resource discovery)<\/li>\n<li><strong>Azure Resource Graph<\/strong> (query resources with KQL-like experience)<\/li>\n<li><strong>Google Cloud Asset Inventory<\/strong> (asset metadata inventory and export)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Open-source\/self-managed alternatives<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CMDB + collector scripts (custom)<\/li>\n<li>Terraform state + drift tooling<\/li>\n<li>CloudQuery \/ Steampipe (SQL-style inventory across clouds)<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud Search<\/strong><\/td>\n<td>OCI resource discovery and governance queries<\/td>\n<td>Native, permission-aware, API\/CLI-friendly, integrates with tags\/compartments<\/td>\n<td>Not a content\/log search engine; indexing\/coverage constraints; multi-region inventory may require iteration<\/td>\n<td>You need OCI-native inventory and filtering by metadata\/tags<\/td>\n<\/tr>\n<tr>\n<td>OCI Cloud Guard<\/td>\n<td>Security posture and threat detection<\/td>\n<td>Detectors, security findings, posture focus<\/td>\n<td>Not designed as a general-purpose inventory query tool<\/td>\n<td>You want security findings and remediation workflows, and use Search as a supporting discovery tool<\/td>\n<\/tr>\n<tr>\n<td>OCI Logging Search<\/td>\n<td>Searching log events<\/td>\n<td>Deep log analytics\/search<\/td>\n<td>Not for resource inventory<\/td>\n<td>You need to investigate logs, not list resources<\/td>\n<\/tr>\n<tr>\n<td>AWS Resource Explorer<\/td>\n<td>AWS asset discovery<\/td>\n<td>Centralized resource search across AWS<\/td>\n<td>AWS-only; different query semantics<\/td>\n<td>You are on AWS and need similar inventory<\/td>\n<\/tr>\n<tr>\n<td>Azure Resource Graph<\/td>\n<td>Azure inventory at scale<\/td>\n<td>Powerful query engine for Azure resources<\/td>\n<td>Azure-only; different permissions model<\/td>\n<td>You need fleet inventory across Azure subscriptions<\/td>\n<\/tr>\n<tr>\n<td>GCP Cloud Asset Inventory<\/td>\n<td>GCP asset inventory\/export<\/td>\n<td>Exportable asset snapshots<\/td>\n<td>GCP-only; different query patterns<\/td>\n<td>You need asset inventory and history in GCP<\/td>\n<\/tr>\n<tr>\n<td>Steampipe \/ CloudQuery<\/td>\n<td>Multi-cloud inventory with SQL<\/td>\n<td>Flexible queries, multi-cloud<\/td>\n<td>Requires deployment\/ops; not OCI-native<\/td>\n<td>You need a single inventory layer across multiple providers<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated multi-compartment governance and audit readiness<\/h3>\n\n\n\n<p><strong>Problem<\/strong><br\/>\nA financial services company has hundreds of OCI compartments across business units. Auditors require evidence of:\n&#8211; asset inventory completeness\n&#8211; ownership tagging\n&#8211; separation of prod vs non-prod resources<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Scheduled inventory job runs daily per region:\n  &#8211; Uses dynamic group + instance principal for authentication\n  &#8211; Executes Search structured queries for critical resource types\n  &#8211; Exports results to Object Storage (private bucket)\n  &#8211; Pushes summarized counts to a governance dashboard\n&#8211; Audit and access reviews:\n  &#8211; OCI Audit tracks who runs broad inventory queries\n  &#8211; IAM restricts Search usage to platform\/security roles<\/p>\n\n\n\n<p><strong>Why Search was chosen<\/strong>\n&#8211; Native OCI integration\n&#8211; Query-based inventory across compartments\n&#8211; Tag-based filtering for ownership and classification<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Repeatable evidence for audits\n&#8211; Early detection of untagged or mis-scoped resources\n&#8211; Reduced manual inventory effort and faster investigations<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: cost cleanup and operational clarity<\/h3>\n\n\n\n<p><strong>Problem<\/strong><br\/>\nA startup iterates quickly and frequently creates temporary environments. Resources are left behind, causing confusion and cost.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Simple nightly script:\n  &#8211; Runs <code>structured-search<\/code> for resources tagged <code>env=dev<\/code> or <code>owner=team-x<\/code>\n  &#8211; Flags resources older than a threshold (where metadata supports age checks; otherwise use external tracking)\n  &#8211; Posts a summary to Slack\/ChatOps\n&#8211; Optional: weekly cleanup approval workflow<\/p>\n\n\n\n<p><strong>Why Search was chosen<\/strong>\n&#8211; Low operational overhead (no inventory database required initially)\n&#8211; Works well with consistent tags and naming\n&#8211; Easy to integrate into scripts via CLI<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Lower cloud spend from fewer orphaned resources\n&#8211; Faster environment troubleshooting\n&#8211; Better hygiene (tagging discipline improves because it\u2019s measured)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) Is Oracle Cloud Search the same as searching logs?<\/h3>\n\n\n\n<p>No. <strong>Search<\/strong> (Resource Search) is for <strong>resource metadata discovery<\/strong> (instances, VCNs, buckets, etc.). Log searching is typically done with <strong>OCI Logging<\/strong> search features.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Does Search return resources across my whole tenancy?<\/h3>\n\n\n\n<p>It can, but only within the scope of your <strong>IAM permissions<\/strong>, and behavior can be region-influenced for regional resources. For full inventories, many teams query <strong>each region<\/strong> and merge results.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Do I need to enable or provision Search?<\/h3>\n\n\n\n<p>Typically, no separate provisioning is required; it\u2019s available in the Console and via API\/CLI. Confirm in your tenancy and region.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Can Search find resources in compartments I can\u2019t access?<\/h3>\n\n\n\n<p>No. Search is <strong>permission-aware<\/strong> and does not bypass IAM.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) How accurate is Search?<\/h3>\n\n\n\n<p>It is generally reliable for discovery, but expect possible <strong>indexing delays<\/strong> and verify edge cases for specific services\/resource types.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) Can I search by tags?<\/h3>\n\n\n\n<p>Yes, tag-based discovery is a primary use. Exact query syntax depends on the Search query language and your tagging structure\u2014verify in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) Can I use Search to find misconfigured resources (like public buckets)?<\/h3>\n\n\n\n<p>Search can help <strong>discover candidates<\/strong> (by resource type and metadata fields that are indexed), but you may need <strong>service-specific APIs<\/strong> to confirm configuration details.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) Is Search free?<\/h3>\n\n\n\n<p>Oracle does not commonly publish Search as a separately priced service. Treat it as generally \u201cincluded,\u201d but <strong>verify using official pricing resources<\/strong> for your account\/region.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) What\u2019s the difference between structured search and free-text search?<\/h3>\n\n\n\n<p>Structured search uses a query language with explicit fields and filters. Free-text search is keyword-based and generally less precise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) How do I export Search results?<\/h3>\n\n\n\n<p>Use CLI\/SDK\/REST to retrieve results as JSON, then store them (Object Storage, database, etc.). Implement pagination for large inventories.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Why do my CLI results differ from the Console?<\/h3>\n\n\n\n<p>Common causes:\n&#8211; Different region selection\n&#8211; Different identity\/profile used by CLI\n&#8211; Query syntax differences (Console helpers vs raw CLI)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) How do I run Search from an OCI instance without API keys?<\/h3>\n\n\n\n<p>Use <strong>instance principals<\/strong> (dynamic groups + policies) where possible. Verify the required setup in official IAM documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) Does Search provide historical inventory?<\/h3>\n\n\n\n<p>Search is primarily for current discovery. For history, you must <strong>store snapshots<\/strong> externally (Object Storage\/DB) or use additional governance tooling.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) Are all OCI resource types supported?<\/h3>\n\n\n\n<p>Coverage is broad, but not necessarily universal for every attribute and service. Check official docs and test queries for your required services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) What\u2019s the best way to build a multi-region inventory?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain a region list<\/li>\n<li>Run the same query set per region<\/li>\n<li>Normalize results (resource type, OCID, compartment, tags)<\/li>\n<li>Store snapshots with timestamps<\/li>\n<li>Add retry\/backoff and pagination<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">16) How do I avoid returning too many results?<\/h3>\n\n\n\n<p>Start with:\n&#8211; A specific resource type (rather than \u201call resources\u201d)\n&#8211; Compartment filters (if supported)\n&#8211; Tag filters<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">17) Can I use Search as a CMDB?<\/h3>\n\n\n\n<p>Search is not a CMDB by itself, but it can <strong>feed<\/strong> a CMDB with periodic exports.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Search<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Search overview<\/td>\n<td>Canonical description of what Search is and how it behaves: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/Concepts\/overview.htm<\/td>\n<\/tr>\n<tr>\n<td>Official API reference<\/td>\n<td>OCI Search API (REST)<\/td>\n<td>Endpoint details, request\/response models, pagination: https:\/\/docs.oracle.com\/en-us\/iaas\/api\/#\/en\/search\/<\/td>\n<\/tr>\n<tr>\n<td>Official CLI documentation<\/td>\n<td>OCI CLI installation<\/td>\n<td>Install and configure CLI for labs and automation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<\/tr>\n<tr>\n<td>Official CLI command reference<\/td>\n<td>OCI CLI <code>search<\/code> commands<\/td>\n<td>How to run structured\/free-text search via CLI (verify current command syntax): https:\/\/docs.oracle.com\/en-us\/iaas\/tools\/oci-cli\/latest\/<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud Pricing<\/td>\n<td>Confirm whether Search has direct pricing and understand indirect costs: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<\/tr>\n<tr>\n<td>Official cost estimation<\/td>\n<td>OCI Cost Estimator<\/td>\n<td>Estimate costs for automation runtimes, storage exports, and logging: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n<tr>\n<td>Always Free<\/td>\n<td>Oracle Cloud Free Tier<\/td>\n<td>Understand eligibility and free services (verify current program): https:\/\/www.oracle.com\/cloud\/free\/<\/td>\n<\/tr>\n<tr>\n<td>IAM fundamentals<\/td>\n<td>OCI IAM docs<\/td>\n<td>Required for permissions, dynamic groups, least privilege (entry point): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Service limits<\/td>\n<td>OCI Service Limits<\/td>\n<td>Plan for quotas\/rate limits\/pagination constraints: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/General\/Concepts\/servicelimits.htm<\/td>\n<\/tr>\n<tr>\n<td>Architecture patterns<\/td>\n<td>Oracle Architecture Center<\/td>\n<td>Reference architectures for governance\/ops patterns (browse and adapt): https:\/\/www.oracle.com\/cloud\/architecture-center\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<p>The following institutes are listed as training providers\/resources. Verify current course offerings, delivery modes, and syllabi on their websites.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams<\/td>\n<td>OCI operations, DevOps practices, automation fundamentals<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate DevOps learners<\/td>\n<td>SCM\/DevOps foundations, cloud operations concepts<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud engineers and operations teams<\/td>\n<td>Cloud ops, monitoring\/observability, operational readiness<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs and reliability-focused engineers<\/td>\n<td>SRE practices, incident response, observability patterns<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams exploring AIOps<\/td>\n<td>AIOps concepts, automation, event correlation<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<p>These trainer-related sites can be used as learning resources. Verify current OCI\/Search-specific coverage on each site.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content<\/td>\n<td>Engineers seeking practical training and guidance<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps tools and cloud training<\/td>\n<td>Beginners to intermediate DevOps practitioners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps consulting\/training<\/td>\n<td>Teams needing hands-on support and coaching<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and mentoring<\/td>\n<td>Ops teams needing troubleshooting-oriented learning<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<p>These organizations may provide consulting services. Validate exact service catalogs, references, and engagement models directly with the providers.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps engineering services<\/td>\n<td>Cloud adoption, ops automation, platform reliability<\/td>\n<td>Build inventory automation using OCI Search; implement tagging governance reports<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps\/cloud consulting and training<\/td>\n<td>DevOps transformation, CI\/CD, cloud operations<\/td>\n<td>Design an OCI governance model; implement scheduled Search-based inventory and cleanup<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps and operations consulting<\/td>\n<td>Tooling integration, automation, operational maturity<\/td>\n<td>Integrate OCI Search outputs with CMDB\/ticketing; implement least-privilege IAM for ops automation<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Search<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals:<\/li>\n<li>Tenancy, compartments, regions<\/li>\n<li>OCIDs and resource lifecycle<\/li>\n<li>OCI IAM:<\/li>\n<li>Users, groups, policies<\/li>\n<li>Dynamic groups and principals (for automation)<\/li>\n<li>Tagging strategy:<\/li>\n<li>Defined tags vs freeform tags<\/li>\n<li>Governance and naming conventions<\/li>\n<li>OCI CLI basics:<\/li>\n<li>Authentication config<\/li>\n<li>Output formatting and pagination patterns<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Search<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Governance and security:<\/li>\n<li>OCI Cloud Guard concepts<\/li>\n<li>Security Zones (if applicable)<\/li>\n<li>Audit review patterns<\/li>\n<li>Automation patterns:<\/li>\n<li>OCI Functions and Events (event-driven operations)<\/li>\n<li>CI\/CD pipelines for ops scripts<\/li>\n<li>Observability:<\/li>\n<li>OCI Logging, Monitoring, Alarms<\/li>\n<li>Centralized log retention and alerting<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use Search<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Engineer \/ Cloud Operations Engineer<\/li>\n<li>DevOps Engineer<\/li>\n<li>Site Reliability Engineer (SRE)<\/li>\n<li>Cloud Security Engineer<\/li>\n<li>FinOps Analyst \/ Cloud Cost Engineer<\/li>\n<li>Solutions Architect \/ Platform Architect<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certifications change over time. Search is typically a skill within broader OCI certs rather than a standalone certification topic. Start here and choose role-based paths:\n&#8211; Oracle Cloud Certifications: https:\/\/education.oracle.com\/oracle-cloud-infrastructure-certification<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Daily inventory exporter<\/strong>: run Search queries, store JSON snapshots in Object Storage, and generate a summary report.<\/li>\n<li><strong>Tag compliance checker<\/strong>: alert when resources are missing required tags.<\/li>\n<li><strong>Orphaned resource detector<\/strong>: find resources in \u201ctemporary\u201d compartments older than X days.<\/li>\n<li><strong>Multi-region inventory dashboard<\/strong>: merge region results and visualize counts by resource type and compartment.<\/li>\n<li><strong>Incident response helper<\/strong>: a script that takes a compartment OCID and prints all resources and key metadata.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI (Oracle Cloud Infrastructure)<\/strong>: Oracle\u2019s public cloud platform.<\/li>\n<li><strong>Search (Resource Search)<\/strong>: OCI service for searching resource metadata across a tenancy.<\/li>\n<li><strong>Resource metadata<\/strong>: Control-plane information about resources (name, OCID, compartment, tags, lifecycle state).<\/li>\n<li><strong>OCID<\/strong>: Oracle Cloud Identifier, a unique identifier for OCI resources.<\/li>\n<li><strong>Compartment<\/strong>: A logical container for organizing and isolating OCI resources for access control and billing.<\/li>\n<li><strong>IAM<\/strong>: Identity and Access Management; controls authentication and authorization in OCI.<\/li>\n<li><strong>Defined tag<\/strong>: A centrally managed tag with a namespace and key; used for governance.<\/li>\n<li><strong>Freeform tag<\/strong>: A simple key\/value tag without a centrally enforced schema.<\/li>\n<li><strong>Structured search<\/strong>: Query-based search using a specific syntax and fields.<\/li>\n<li><strong>Free-text search<\/strong>: Keyword-based search (less strict, where supported).<\/li>\n<li><strong>Indexing delay<\/strong>: Time between resource creation\/update and its appearance in Search results.<\/li>\n<li><strong>Dynamic group<\/strong>: An OCI IAM construct that groups resources (like instances) for granting permissions.<\/li>\n<li><strong>Instance principal<\/strong>: An authentication method allowing an OCI compute instance to call OCI APIs without user API keys.<\/li>\n<li><strong>Pagination<\/strong>: Retrieving large API result sets across multiple requests using page tokens.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Search<\/strong> (Resource Search) is a practical, operations-focused service in the <strong>Observability and Management<\/strong> domain that helps you <strong>discover and inventory OCI resources<\/strong> using structured queries across compartments (bounded by IAM permissions). It matters because real OCI environments grow quickly, and Search provides a centralized way to answer \u201cwhat do we have?\u201d without manually inspecting every service.<\/p>\n\n\n\n<p>From a cost perspective, Search is typically not a separately metered resource, but your <strong>automation runtime, logging, and data exports<\/strong> can drive indirect costs\u2014optimize cadence, retention, and downstream enrichment calls. From a security perspective, Search is powerful because it can expose broad inventories; apply <strong>least privilege<\/strong>, protect exported inventories, and review usage via <strong>Audit<\/strong>.<\/p>\n\n\n\n<p>Use Search when you need resource discovery, tag compliance checks, governance reporting, incident response inventory, or cleanup automation. Next step: build a small \u201cinventory-as-code\u201d script using OCI CLI\/SDK, store snapshots, and integrate with your operational dashboards and governance processes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Observability and Management<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,62],"tags":[],"class_list":["post-968","post","type-post","status-publish","format-standard","hentry","category-observability-and-management","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=968"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/968\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}