admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2b6dc8f4d8'
${ noResults }
Deploiement_Server/deployment-apps/DA-ITSI-CP-m365/default/macros.conf

97 lines
4.0 KiB
Raw Blame History

[default]
[SharePoint_ObjectSite]
definition = rex field=ObjectId "\/sites\/(?<ObjectSite>[^\/]+)"\
[m365_default_index]
iseval = 0
definition = index=*
[m365_teams_caller]
iseval = 0
definition = spath "sessions{}" output="sessions"\
| spath "sessions{}.segments{}" output="segments"\
| eval call_startDateTime = startDateTime, call_endDateTime = endDateTime\
| eval number_of_sessions = mvcount(sessions), number_of_segments = mvcount(segments), call_id = id \
| fields _time call_startDateTime call_endDateTime call_id sessions number_of_sessions number_of_segments\
| mvexpand sessions\
| spath input=sessions path=id output=session_id\
| spath input=sessions path=segments{} output=segments\
| spath input=segments path=id output=segment_id\
| fields _time call_startDateTime call_endDateTime call_id session_id segment_id segments number_of_sessions number_of_segments\
| eval zip = mvzip(mvzip(session_id,segment_id,"########"),segments,"########")\
| fields _time call_startDateTime call_endDateTime call_id zip number_of_sessions number_of_segments\
| mvexpand zip\
| eval zip = split(zip,"########"), session_id = mvindex(zip,0), segment_id = mvindex(zip,1), segments = mvindex(zip,-1)\
| fields - zip\
| mvexpand segments\
| spath input=segments path=endDateTime output=segment_endDateTime\
| spath input=segments path=startDateTime output=segment_startDateTime\
| spath input=segments path=caller output=caller\
| spath input=segments path=media{} output=media\
| eval number_of_media = mvcount(media)\
| fields - segments\
| mvexpand media\
| spath input=media path=label output=media_label\
| spath input=media path="callerDevice" \
| spath input=media path="callerNetwork"\
| spath input=callerDevice\
| spath input=callerNetwork\
| spath input=caller\
| fields - media callerDevice callerNetwork caller\
| foreach * \
[ eval <<FIELD>> = if('<<FIELD>>'="null",null(),'<<FIELD>>')]
[m365_teams_indexes]
iseval = 0
definition = (index=main)
[m365_teams_qos]
iseval = 0
definition = eval call_startDateTime = startDateTime, call_endDateTime = endDateTime\
| spath "sessions{}" output="sessions" \
| eval number_of_sessions = mvcount('sessions{}.id'), number_of_segments = mvcount('sessions{}.segments{}.id'), call_id = id \
| fields _time call_startDateTime call_endDateTime call_id sessions number_of_sessions number_of_segments \
| mvexpand sessions \
| spath input=sessions path=id output=session_id \
| spath input=sessions path=segments{} output=segments \
| spath input=segments path=id output=segment_id \
| fields _time call_startDateTime call_endDateTime call_id session_id segment_id segments number_of_sessions number_of_segments \
| eval zip = mvzip(mvzip(session_id,segment_id,"########"),segments,"########") \
| fields _time call_startDateTime call_endDateTime call_id zip number_of_sessions number_of_segments \
| mvexpand zip \
| eval zip = split(zip,"########"), session_id = mvindex(zip,0), segment_id = mvindex(zip,1), segments = mvindex(zip,-1) \
| fields - zip \
| mvexpand segments \
| spath input=segments path=endDateTime output=segment_endDateTime\
| spath input=segments path=startDateTime output=segment_startDateTime\
| spath input=segments path=media{} output=media \
| eval number_of_media = mvcount(media) \
| fields - segments \
| mvexpand media \
| spath input=media path=label output=media_label \
| spath input=media path=streams{} output=streams \
| eval number_of_streams = mvcount(streams) \
| fields - media \
| mvexpand streams \
| spath input=streams \
| fields - streams \
| foreach "*Jitter" averageRoundTripTime maxRoundTripTime \
[ eval <<FIELD>> = tonumber(replace('<<FIELD>>',"PT(.*)S","\1"))]
[message_trace_index]
iseval = 0
definition = index=*
[o365_sourcetypes]
iseval = 0
definition = sourcetype="o365:management:activity"
[m365_cp_default_index]
definition = index=*
iseval = 0
[m365-availability-kpi(2)]
args = service, status
definition = `m365_cp_default_index` sourcetype="o365:service:healthIssue" service="$service$" status="$status$" | eval ServiceFeatureDisplayName=service.": ".feature
Reference in new issue View Git Blame Copy Permalink