{ "description": "", "entity_rules": [ { "rule_condition": "AND", "rule_items": [ { "field": "itsi_policy_title", "field_type": "alias", "rule_type": "matchesblank", "value": "" } ] } ], "key": "da-itsi-cp-monitoring-alerting-itsi-episode-analytics-template", "kpis": [ { "adaptive_thresholding_training_window": "-7d", "adaptive_thresholds_is_enabled": true, "aggregate_eval": "", "aggregate_statop": "sum", "aggregate_threshold_alert_enabled": false, "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "aggregate_thresholds_alert_enabled": false, "aggregate_thresholds_custom_alert_enabled": false, "aggregate_thresholds_custom_alert_rules": [], "alert_eval": "", "alert_lag": "30", "alert_on": "both", "alert_period": "1", "anomaly_detection_alerting_enabled": false, "anomaly_detection_is_enabled": false, "anomaly_detection_sensitivity": null, "anomaly_detection_training_window": null, "backfill_earliest_time": "-7d", "backfill_enabled": false, "base_search": "| tstats values(itsi_group_title) as itsi_group_title where `itsi_event_management_group_index` itsi_is_first_event=true by _time itsi_group_id itsi_policy_id span=1s\n| `itsi_notable_group_lookup`\n| eval severity_label=`itsi_get_severity_description(severity)`", "base_search_id": "da-itsi-cp-monitoring-alerting-ea-new-episodes-by-severity", "base_search_metric": "new-episode-count", "cohesive_ad": {}, "cohesive_anomaly_detection_is_enabled": false, "datamodel": null, "datamodel_filter": [], "datamodel_filter_clauses": null, "description": "", "enabled": false, "entity_filter_field": "itsi_policy_id", "entity_split_field": "severity_label", "entity_statop": "count", "entity_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "fill_gaps": "custom_value", "gap_custom_alert_value": 0.0, "gap_severity": "unknown", "gap_severity_color": "#CCCCCC", "gap_severity_color_light": "#EEEEEE", "gap_severity_value": "-1", "is_filter_entities_to_service": true, "is_split_by_entity": true, "key": "d4bc89c5-0c46-404b-b1a5-04d0d3238e55", "kpi_base_search": null, "kpi_template_kpi_id": null, "kpi_threshold_template_id": "da-itsi-cp-monitoring-alerting-ea-storm-detection-stddev", "metric_qualifier": "", "metric_search_spec": { "metric_index": "", "metric_name": "" }, "search": null, "search_aggregate": null, "search_alert": null, "search_alert_earliest": "15", "search_alert_entities": null, "search_buckets": "", "search_entities": null, "search_occurrences": 1.0, "search_time_compare": null, "search_time_series": null, "search_time_series_aggregate": null, "search_time_series_entities": null, "search_type": "shared_base", "service_title": "ITSI Episode Analytics", "threshold_eval": "", "threshold_field": "itsi_group_id", "time_policies": { "policies": { "default_policy": { "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 96, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [ { "dynamic_param": 2.0, "severity_color": "#FCB64E", "severity_color_light": "#FEE6C1", "severity_label": "medium", "severity_label_localized": "Medium", "severity_value": 4.0, "threshold_value": 17.260858121465123 }, { "dynamic_param": 2.5, "severity_color": "#F26A35", "severity_color_light": "#FBCBB9", "severity_label": "high", "severity_label_localized": "High", "severity_value": 5.0, "threshold_value": 19.310668323813182 }, { "dynamic_param": 3.0, "severity_color": "#B50101", "severity_color_light": "#E5A6A6", "severity_label": "critical", "severity_label_localized": "Critical", "severity_value": 6.0, "threshold_value": 21.360478526161238 } ] }, "entity_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "policy_type": "stdev", "time_blocks": [], "title": "Default" } } }, "title": "Episode Storm Detection", "trending_ad": {}, "type": "kpis_primary", "tz_offset": null, "unit": "", "urgency": 11.0, "use_time_policies": true }, { "adaptive_thresholding_training_window": "-7d", "adaptive_thresholds_is_enabled": false, "aggregate_eval": "", "aggregate_statop": "sum", "aggregate_threshold_alert_enabled": false, "aggregate_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "aggregate_thresholds_alert_enabled": false, "aggregate_thresholds_custom_alert_enabled": false, "aggregate_thresholds_custom_alert_rules": [], "alert_eval": "", "alert_lag": "30", "alert_on": "both", "alert_period": "1", "anomaly_detection_alerting_enabled": false, "anomaly_detection_is_enabled": false, "anomaly_detection_sensitivity": null, "anomaly_detection_training_window": null, "backfill_earliest_time": "-7d", "backfill_enabled": false, "base_search": "| tstats values(itsi_group_title) as itsi_group_title where `itsi_event_management_group_index` itsi_is_first_event=true by _time itsi_group_id itsi_policy_id span=1s\n\n| join itsi_policy_id [| rest report_as=text splunk_server=local /servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_aggregation_policy\n| eval value = spath(value, \"{}\")\n| mvexpand value\n| eval itsi_policy_id = spath(value, \"_key\"), itsi_policy_title = spath(value, \"title\")\n| table itsi_policy_id itsi_policy_title ]", "base_search_id": "da-itsi-cp-monitoring-alerting-ea-new-episodes-by-policy", "base_search_metric": "new-episode-count", "cohesive_ad": {}, "cohesive_anomaly_detection_is_enabled": false, "datamodel": null, "datamodel_filter": [], "datamodel_filter_clauses": null, "description": "", "enabled": false, "entity_filter_field": "itsi_policy_id", "entity_split_field": "itsi_policy_title", "entity_statop": "count", "entity_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 7.6, "render_boundary_min": 0.0, "threshold_levels": [] }, "fill_gaps": "custom_value", "gap_custom_alert_value": 0.0, "gap_severity": "unknown", "gap_severity_color": "#CCCCCC", "gap_severity_color_light": "#EEEEEE", "gap_severity_value": "-1", "is_filter_entities_to_service": true, "is_split_by_entity": true, "key": "2231ff53-57ea-4042-90a1-2c6ff7262dc8", "kpi_base_search": null, "kpi_template_kpi_id": null, "kpi_threshold_template_id": "", "metric_qualifier": "", "metric_search_spec": { "metric_index": "", "metric_name": "" }, "search": null, "search_aggregate": null, "search_alert": null, "search_alert_earliest": "15", "search_alert_entities": null, "search_buckets": "", "search_entities": null, "search_occurrences": 1.0, "search_time_compare": null, "search_time_series": null, "search_time_series_aggregate": null, "search_time_series_entities": null, "search_type": "shared_base", "service_title": "ITSI Episode Analytics", "threshold_eval": "", "threshold_field": "itsi_group_id", "time_policies": { "policies": { "default_policy": { "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "entity_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "policy_type": "static", "time_blocks": [], "title": "Default" } } }, "title": "New Episodes by Policy", "trending_ad": {}, "type": "kpis_primary", "tz_offset": null, "unit": "", "urgency": 0.0, "use_time_policies": false }, { "adaptive_thresholding_training_window": "-7d", "adaptive_thresholds_is_enabled": false, "aggregate_eval": "", "aggregate_statop": "sum", "aggregate_threshold_alert_enabled": false, "aggregate_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "aggregate_thresholds_alert_enabled": false, "aggregate_thresholds_custom_alert_enabled": false, "aggregate_thresholds_custom_alert_rules": [], "alert_eval": "", "alert_lag": "30", "alert_on": "both", "alert_period": "1", "anomaly_detection_alerting_enabled": false, "anomaly_detection_is_enabled": false, "anomaly_detection_sensitivity": null, "anomaly_detection_training_window": null, "backfill_earliest_time": "-7d", "backfill_enabled": false, "base_search": "| tstats max(_time) as _time values(itsi_group_title) as itsi_group_title where `itsi_event_management_group_index` earliest=-14d@d by itsi_group_id itsi_policy_id\n| `itsi_notable_group_lookup` \n| eval severity_label = `itsi_get_severity_description(severity)` \n| eval status_label = case(status=1, \"New\", status=2, \"InProgress\", status=3, \"Pending\", status=4, \"Resolved\", status=5, \"Closed\")\n| search status IN (1, 2, 3, 4)", "base_search_id": "da-itsi-cp-monitoring-alerting-ea-open-episodes-by-severity", "base_search_metric": "open-episodes", "cohesive_ad": {}, "cohesive_anomaly_detection_is_enabled": false, "datamodel": null, "datamodel_filter": [], "datamodel_filter_clauses": null, "description": "", "enabled": false, "entity_filter_field": "itsi_policy_id", "entity_split_field": "severity_label", "entity_statop": "dc", "entity_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "fill_gaps": "custom_value", "gap_custom_alert_value": 0.0, "gap_severity": "unknown", "gap_severity_color": "#CCCCCC", "gap_severity_color_light": "#EEEEEE", "gap_severity_value": "-1", "is_filter_entities_to_service": true, "is_split_by_entity": true, "key": "7fabb8c3-1e97-4a9a-8550-4681ed736012", "kpi_base_search": null, "kpi_template_kpi_id": null, "kpi_threshold_template_id": "", "metric_qualifier": "", "metric_search_spec": { "metric_index": "", "metric_name": "" }, "search": null, "search_aggregate": null, "search_alert": null, "search_alert_earliest": "15", "search_alert_entities": null, "search_buckets": "", "search_entities": null, "search_occurrences": 1.0, "search_time_compare": null, "search_time_series": null, "search_time_series_aggregate": null, "search_time_series_entities": null, "search_type": "shared_base", "service_title": "ITSI Episode Analytics", "threshold_eval": "", "threshold_field": "itsi_group_id", "time_policies": { "policies": { "default_policy": { "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "entity_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "policy_type": "static", "time_blocks": [], "title": "Default" } } }, "title": "Open Episodes by Severity", "trending_ad": {}, "type": "kpis_primary", "tz_offset": null, "unit": "", "urgency": 0.0, "use_time_policies": false }, { "adaptive_thresholding_training_window": "-7d", "adaptive_thresholds_is_enabled": false, "aggregate_eval": "", "aggregate_statop": "sum", "aggregate_threshold_alert_enabled": false, "aggregate_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "aggregate_thresholds_alert_enabled": false, "aggregate_thresholds_custom_alert_enabled": false, "aggregate_thresholds_custom_alert_rules": [], "alert_eval": "", "alert_lag": "30", "alert_on": "both", "alert_period": "1", "anomaly_detection_alerting_enabled": false, "anomaly_detection_is_enabled": false, "anomaly_detection_sensitivity": null, "anomaly_detection_training_window": null, "backfill_earliest_time": "-7d", "backfill_enabled": false, "base_search": "| tstats max(_time) as _time values(itsi_group_title) as itsi_group_title where `itsi_event_management_group_index` earliest=-14d@d by itsi_group_id itsi_policy_id\n| `itsi_notable_group_lookup` \n| eval severity_label = `itsi_get_severity_description(severity)` \n| eval status_label = case(status=1, \"New\", status=2, \"InProgress\", status=3, \"Pending\", status=4, \"Resolved\", status=5, \"Closed\")\n| search status IN (1, 2, 3, 4)", "base_search_id": "da-itsi-cp-monitoring-alerting-ea-open-episodes-by-status", "base_search_metric": "open-episodes", "cohesive_ad": {}, "cohesive_anomaly_detection_is_enabled": false, "datamodel": null, "datamodel_filter": [], "datamodel_filter_clauses": null, "description": "", "enabled": false, "entity_filter_field": "itsi_policy_id", "entity_split_field": "status_label", "entity_statop": "dc", "entity_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "fill_gaps": "custom_value", "gap_custom_alert_value": 0.0, "gap_severity": "unknown", "gap_severity_color": "#CCCCCC", "gap_severity_color_light": "#EEEEEE", "gap_severity_value": "-1", "is_filter_entities_to_service": true, "is_split_by_entity": true, "key": "44d9acb0-2943-4231-9479-9ecb2ef53740", "kpi_base_search": null, "kpi_template_kpi_id": null, "kpi_threshold_template_id": "", "metric_qualifier": "", "metric_search_spec": { "metric_index": "", "metric_name": "" }, "search": null, "search_aggregate": null, "search_alert": null, "search_alert_earliest": "15", "search_alert_entities": null, "search_buckets": "", "search_entities": null, "search_occurrences": 1.0, "search_time_compare": null, "search_time_series": null, "search_time_series_aggregate": null, "search_time_series_entities": null, "search_type": "shared_base", "service_title": "ITSI Episode Analytics", "threshold_eval": "", "threshold_field": "itsi_group_id", "time_policies": { "policies": { "default_policy": { "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "entity_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "policy_type": "static", "time_blocks": [], "title": "Default" } } }, "title": "Open Episodes by Status", "trending_ad": {}, "type": "kpis_primary", "tz_offset": null, "unit": "", "urgency": 0.0, "use_time_policies": false }, { "adaptive_thresholding_training_window": "-7d", "adaptive_thresholds_is_enabled": true, "aggregate_eval": "", "aggregate_statop": "sum", "aggregate_threshold_alert_enabled": false, "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "aggregate_thresholds_alert_enabled": false, "aggregate_thresholds_custom_alert_enabled": false, "aggregate_thresholds_custom_alert_rules": [], "alert_eval": "", "alert_lag": "30", "alert_on": "both", "alert_period": "1", "anomaly_detection_alerting_enabled": false, "anomaly_detection_is_enabled": false, "anomaly_detection_sensitivity": null, "anomaly_detection_training_window": null, "backfill_earliest_time": "-7d", "backfill_enabled": false, "base_search": "| tstats max(_time) as _time values(itsi_group_title) as itsi_group_title where `itsi_event_management_group_index` earliest=-14d@d by itsi_group_id itsi_policy_id\n| `itsi_notable_group_lookup` \n| eval severity_label = `itsi_get_severity_description(severity)` \n| eval status_label = case(status=1, \"New\", status=2, \"InProgress\", status=3, \"Pending\", status=4, \"Resolved\", status=5, \"Closed\")\n| search status IN (1, 2, 3, 4)\n| search severity=6", "base_search_id": "da-itsi-cp-monitoring-alerting-ea-open-crit-episodes-by-status", "base_search_metric": "open-episodes", "cohesive_ad": {}, "cohesive_anomaly_detection_is_enabled": false, "datamodel": null, "datamodel_filter": [], "datamodel_filter_clauses": null, "description": "", "enabled": false, "entity_filter_field": "itsi_policy_id", "entity_split_field": "status_label", "entity_statop": "dc", "entity_thresholds": { "base_severity_color": "#AED3E5", "base_severity_color_light": "#E3F0F6", "base_severity_label": "info", "base_severity_value": 1.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 23.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "fill_gaps": "custom_value", "gap_custom_alert_value": 0.0, "gap_severity": "unknown", "gap_severity_color": "#CCCCCC", "gap_severity_color_light": "#EEEEEE", "gap_severity_value": "-1", "is_filter_entities_to_service": true, "is_split_by_entity": true, "key": "16871ff8-5f67-4e8c-bfe7-b86228ffa183", "kpi_base_search": null, "kpi_template_kpi_id": null, "kpi_threshold_template_id": "", "metric_qualifier": "", "metric_search_spec": { "metric_index": "", "metric_name": "" }, "search": null, "search_aggregate": null, "search_alert": null, "search_alert_earliest": "15", "search_alert_entities": null, "search_buckets": "", "search_entities": null, "search_occurrences": 1.0, "search_time_compare": null, "search_time_series": null, "search_time_series_aggregate": null, "search_time_series_entities": null, "search_type": "shared_base", "service_title": "ITSI Episode Analytics", "threshold_eval": "", "threshold_field": "itsi_group_id", "time_policies": { "policies": { "default_policy": { "aggregate_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 204, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 204.39342723004694, "render_boundary_min": 0.0, "threshold_levels": [ { "dynamic_param": 150.0, "severity_color": "#FCB64E", "severity_color_light": "#FEE6C1", "severity_label": "medium", "severity_label_localized": "Medium", "severity_value": 4.0, "threshold_value": 116.13262910798122 }, { "dynamic_param": 200.0, "severity_color": "#F26A35", "severity_color_light": "#FBCBB9", "severity_label": "high", "severity_label_localized": "High", "severity_value": 5.0, "threshold_value": 139.35915492957747 }, { "dynamic_param": 300.0, "severity_color": "#B50101", "severity_color_light": "#E5A6A6", "severity_label": "critical", "severity_label_localized": "Critical", "severity_value": 6.0, "threshold_value": 185.81220657276995 } ] }, "entity_thresholds": { "base_severity_color": "#99D18B", "base_severity_color_light": "#DCEFD7", "base_severity_label": "normal", "base_severity_value": 2.0, "gauge_max": 100, "gauge_min": 0, "is_max_static": false, "is_min_static": true, "metric_field": "count", "render_boundary_max": 100.0, "render_boundary_min": 0.0, "threshold_levels": [] }, "policy_type": "static", "time_blocks": [], "title": "Default" } } }, "title": "Open, Critical Episodes by Status", "trending_ad": {}, "type": "kpis_primary", "tz_offset": null, "unit": "", "urgency": 5.0, "use_time_policies": true } ], "linked_services": [ "da-itsi-cp-monitoring-alerting-itsi-episode-analytics" ], "sync_status": "synced", "team_id": "default_itsi_security_group", "template_tags": [], "title": "ITSI Episode Analytics Template", "version": "0.0.33" }