ServiceNow - Events

-7d@d now Instance Endpoint * endpoint endpoint `itsi-cp-servicenow-indexes` sourcetype="snow:*" | top limit=20 endpoint -24h@h now *

`itsi-cp-servicenow-indexes` eventtype=snow_em_event endpoint=$Snow_Instance_Endpoint$ | stats dc(sys_id) by resource $time_picker.earliest$ $time_picker.latest$ visible visible linear linear pie gaps 0.01 default shiny all 0 ellipsisMiddle right progressbar `itsi-cp-servicenow-indexes` eventtype=snow_em_event endpoint=$Snow_Instance_Endpoint$ | stats count by sys_id type | top limit=4 type $time_picker.earliest$ $time_picker.latest$ visible visible linear linear bar gaps 0.01 default shiny all 0 ellipsisMiddle right ellipsisNone 0 visible false inherit 50 10 area `itsi-cp-servicenow-indexes` eventtype=snow_em_event endpoint=$Snow_Instance_Endpoint$ | stats count by sys_id severity_name | top limit=20 severity_name $time_picker.earliest$ $time_picker.latest$ visible visible linear linear pie connect 0.01 default shiny all 0 ellipsisMiddle right ellipsisNone 0 visible false inherit 50 10 area `itsi-cp-servicenow-indexes` eventtype=snow_em_event node != "NULL" endpoint=$Snow_Instance_Endpoint$ | timechart dc(sys_id) by node limit=10 $time_picker.earliest$ $time_picker.latest$ collapsed visible linear linear area connect 0.01 default shiny all 0 ellipsisMiddle right ellipsisNone 0 visible 0 inherit 50 10 area none 0 `itsi-cp-servicenow-indexes` eventtype=snow_em_event endpoint=$Snow_Instance_Endpoint$ | dedup sys_id|table description,type, resource, dv_state, sys_created_on|rename dv_state as status|rename sys_created_on as "create time" $time_picker.earliest$ $time_picker.latest$ nonecellprogressbarfalsetrue