admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b21d9775ea'
${ noResults }
Deploiement_Server/deployment-apps/Splunk_ML_Toolkit/default/savedsearches.conf

67 lines
3.5 KiB
Raw Blame History

[Splunk_ML_Toolkit - ML-SPL - Telemetry Gen]
action.email.sendresults = 0
action.outputtelemetry = 1
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 0
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.Splunk_ML_Toolkit.mlspl
action.outputtelemetry.param.input = data
action.outputtelemetry.param.type = aggregate
alert.track = false
counttype = number of events
relation = greater than
quantity = 0
cron_schedule = 33 3 * * *
description = Sends anonymous ML operational data
disabled = False
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
enableSched = 1
is_visible = false
schedule_window = auto
search = index="_internal" source="*mlspl.log*" \
| rex field=_raw "PID (?<PID>\d+)" \
| stats values(*) as *, max(columns) as maxColumns, sum(rows) as numRows by PID \
| where isnotnull(command) and (isnotnull(algo_name) or isnotnull(scoringName)) \
| sort _time \
| stats values(*) as *, max(columns) as maxColumns, sum(rows) as numRows by PID, UUID \
| fields PID UUID algo_name app_context apply_time command csv_parse_time csv_read_time csv_render_time \
example_name experiment_id fit_time handle_time maxColumns modelId num_fields num_fields_PC num_fields_RS num_fields_SS \
num_fields_fs num_fields_prefixed num_fields_tfidf numRows params partialFit pipeline_stage scoringName scoringTimeSec \
onnx_model_validate_and_upload_time onnx_model_size_on_disk_mb col_dimension onnx_input_shape dataframe_shape metrics_type \
| head 1000 \
| makejson output=data \
| table data
[Splunk_ML_Toolkit - ML-SPL - Sourcetype Inference]
action.email.sendresults = 0
action.outputtelemetry = 1
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 0
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.Splunk_ML_Toolkit.sourcetype
action.outputtelemetry.param.input = data
action.outputtelemetry.param.type = aggregate
alert.track = false
counttype = number of events
relation = greater than
quantity = 0
cron_schedule = 22 2 * * *
description = Sends information required for sourcetype infererence
disabled = False
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
enableSched = 1
is_visible = false
schedule_window = auto
search = index="_internal" source="*mlspl.log*" \
| rex field=_raw "Sourcetype inference: Punct (?<full_punct>[^ ]+) has sourcetype (?<orig_sourcetype>.*)" \
| search full_punct=* AND orig_sourcetype=* \
| stats count by orig_sourcetype, full_punct \
| sample 1000 \
| makejson output=data \
| table data
Reference in new issue View Git Blame Copy Permalink