{ "description": "", "earliest_time": "-4h", "focus_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "is_named": true, "key": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "lane_settings": [ { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "graph_type": "line", "hide_graph": "no", "key": "lane-31524", "kpi_add_to_summary": "yes", "kpi_id": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "ServiceHealthScore", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-soar-splunk-app-for-soar-os-metrics)` | timechart avg(health_score) AS aggregate", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "ServiceHealthScore", "vertical_axis_boundary_type": "staticValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 100 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-726d93f19d4fdf862badc769", "graph_type": "line", "hide_graph": "no", "key": "lane-30684", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-726d93f19d4fdf862badc769", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "CPU % Idle", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-726d93f19d4fdf862badc769)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-726d93f19d4fdf862badc769)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=cpu CPU=all | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-726d93f19d4fdf862badc769 entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, pctIdle, \"host\", 5)` | `aggregate_entity_into_service_time_series(min, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-726d93f19d4fdf862badc769)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "CPU % Idle", "vertical_axis_boundary_type": "staticValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 100 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-6378a249677b9404537a86db", "graph_type": "line", "hide_graph": "no", "key": "lane-34084", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-6378a249677b9404537a86db", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Disk Latency (ms)", "kpi_unit": "ms", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-6378a249677b9404537a86db)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-6378a249677b9404537a86db)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` sourcetype=iostat | eval hostdev=host.\":\".Device | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-6378a249677b9404537a86db entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, avgWaitMillis, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-6378a249677b9404537a86db)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Disk Latency (ms)", "vertical_axis_boundary_type": "staticValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 150 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4", "graph_type": "line", "hide_graph": "no", "key": "lane-33202", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Free Disk MB /", "kpi_unit": "MB", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=df | eval FreePct-{MountedOn}=PercentFreeSpace | eval FreeMB-{MountedOn}=FreeMBytes | eval FreeMB-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), FreeMBytes) | eval FreePct-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), PercentFreeSpace) | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4 entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, FreeMB-/, \"host\", 5)` | `aggregate_entity_into_service_time_series(min, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-42cf1b995abf38abcd7e8fa4)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Free Disk MB /", "vertical_axis_boundary_type": "zeroValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 36864 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-d7692817ec155c74374c38ae", "graph_type": "line", "hide_graph": "no", "key": "lane-32363", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-d7692817ec155c74374c38ae", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Free Disk MB /boot", "kpi_unit": "MB", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-d7692817ec155c74374c38ae)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-d7692817ec155c74374c38ae)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=df | eval FreePct-{MountedOn}=PercentFreeSpace | eval FreeMB-{MountedOn}=FreeMBytes | eval FreeMB-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), FreeMBytes) | eval FreePct-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), PercentFreeSpace) | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-d7692817ec155c74374c38ae entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, FreeMB-/boot, \"host\", 5)` | `aggregate_entity_into_service_time_series(min, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-d7692817ec155c74374c38ae)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Free Disk MB /boot", "vertical_axis_boundary_type": "zeroValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 852 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-019712037b657be24815987d", "graph_type": "line", "hide_graph": "no", "key": "lane-35058", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-019712037b657be24815987d", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Memory % Free", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-019712037b657be24815987d)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-019712037b657be24815987d)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=vmstat | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-019712037b657be24815987d entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, memFreePct, \"host\", 5)` | `aggregate_entity_into_service_time_series(min, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-019712037b657be24815987d)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Memory % Free", "vertical_axis_boundary_type": "staticValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 100 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-66c35e8e527644f1ed11dd03", "graph_type": "line", "hide_graph": "no", "key": "lane-36785", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-66c35e8e527644f1ed11dd03", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Min Free Disk, Other", "kpi_unit": "MB", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-66c35e8e527644f1ed11dd03)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-66c35e8e527644f1ed11dd03)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=df | eval FreePct-{MountedOn}=PercentFreeSpace | eval FreeMB-{MountedOn}=FreeMBytes | eval FreeMB-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), FreeMBytes) | eval FreePct-Other=if(in(MountedOn,\"/\",\"/opt\",\"/boot\"),null(), PercentFreeSpace) | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-66c35e8e527644f1ed11dd03 entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(min, FreeMB-Other, \"host\", 5)` | `aggregate_entity_into_service_time_series(min, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-66c35e8e527644f1ed11dd03)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Min Free Disk, Other", "vertical_axis_boundary_type": "zeroValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 982 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-09440a3db6517c5a9d3ececd", "graph_type": "line", "hide_graph": "no", "key": "lane-35946", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-09440a3db6517c5a9d3ececd", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Network RCV KBps", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-09440a3db6517c5a9d3ececd)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-09440a3db6517c5a9d3ececd)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` sourcetype=bandwidth | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-09440a3db6517c5a9d3ececd entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, rxKB_PS, \"host\", 5)` | `aggregate_entity_into_service_time_series(sum, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-09440a3db6517c5a9d3ececd)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Network RCV KBps", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0.65, 3369.14 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-bcff695c16507896c1c7ef7e", "graph_type": "line", "hide_graph": "no", "key": "lane-37624", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-bcff695c16507896c1c7ef7e", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Network Txmt KBps", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-bcff695c16507896c1c7ef7e)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-bcff695c16507896c1c7ef7e)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` sourcetype=bandwidth | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-bcff695c16507896c1c7ef7e entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, txKB_PS, \"host\", 5)` | `aggregate_entity_into_service_time_series(sum, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-bcff695c16507896c1c7ef7e)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Network Txmt KBps", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0.43000000000000005, 2168.76 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "da-itsi-cp-soar-6251abe13c92438f948e31cb", "graph_type": "line", "hide_graph": "no", "key": "lane-38512", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-6251abe13c92438f948e31cb", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "kpi_service_title": "Splunk app for SOAR - OS Metrics", "kpi_title": "Swap Used (pct)", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "yes", "metric": null, "overlay_type": "entity", "search": "`get_full_itsi_summary_kpi(da-itsi-cp-soar-6251abe13c92438f948e31cb)` indexed_is_service_aggregate::0 [search `get_full_itsi_summary_kpi(da-itsi-cp-soar-6251abe13c92438f948e31cb)` indexed_is_service_aggregate::0 | `escape_entity_key` | stats avg(alert_level) AS alert_level by entity_title, entity_key | sort 0 -alert_level | head 3 | fields + entity_title]| `escape_entity_key` | timechart avg(alert_value) as alert_value first(entity_id) as _entity_id by entity_title", "selected_entities": [ "5.3.0-cluster-HA", "5.3.0-cluster-N1", "5.3.0-cluster-N2" ], "selection_mode": "dynamic" }, "lane_size": "medium", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`itsi-cp-soar-indexes` source=vmstat | search [ | rest splunk_server=local report_as=text service_id=da-itsi-cp-soar-splunk-app-for-soar-os-metrics kpi_id=da-itsi-cp-soar-6251abe13c92438f948e31cb entity_id_fields=host entity_alias_filtering_fields=host search_type= search_type=adhoc \"/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter\" | return $value ] | `aggregate_raw_into_entity_time_series(latest, swapUsedPct, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-os-metrics, da-itsi-cp-soar-6251abe13c92438f948e31cb)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - OS Metrics", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "Swap Used (pct)", "vertical_axis_boundary_type": "staticValue", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 100 ] } ], "latest_time": "now", "title": "Splunk app for SOAR - OS Metrics", "topology_id": "da-itsi-cp-soar-splunk-app-for-soar-os-metrics", "version": "0.0.33" }