admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e0ba6bc584'
${ noResults }
Deploiement_Server/deployment-apps/DA-ITSI-CP-microsoft-exchange/itsi/services/da-itsi-cp-microsoft-exchan...

2644 lines
164 KiB
Raw Blame History

{
"algorithms": {
"GradientBoostingRegressor": {
"RMSE": 0,
"modelId": "",
"rSquared": 0,
"recommended": false
},
"LinearRegression": {
"RMSE": 0,
"modelId": "",
"rSquared": 0,
"recommended": false
},
"LogisticRegression": {
"accuracy": 0,
"f1_score": 0,
"modelId": "",
"precision": 0,
"recall": 0,
"recommended": false
},
"RandomForestRegressor": {
"RMSE": 0,
"modelId": "",
"rSquared": 0,
"recommended": false
}
},
"description": "NTDS consists of KPI's that provide statistics about the activity of the Active Directory directory service.",
"enabled": true,
"entity_rules": [],
"key": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds",
"kpis": [
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "avg",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": [
{
"dynamic_param": null,
"severity_color": "#B50101",
"severity_color_light": "#E5A6A6",
"severity_label": "critical",
"severity_label_localized": null,
"severity_value": 6.0,
"threshold_value": 0.0
},
{
"dynamic_param": null,
"severity_color": "#F26A35",
"severity_color_light": "#FBCBB9",
"severity_label": "high",
"severity_label_localized": null,
"severity_value": 5.0,
"threshold_value": 20.0
},
{
"dynamic_param": null,
"severity_color": "#FCB64E",
"severity_color_light": "#FEE6C1",
"severity_label": "medium",
"severity_label_localized": null,
"severity_value": 4.0,
"threshold_value": 40.0
},
{
"dynamic_param": null,
"severity_color": "#FFE98C",
"severity_color_light": "#FFF4C5",
"severity_label": "low",
"severity_label_localized": null,
"severity_value": 3.0,
"threshold_value": 60.0
},
{
"dynamic_param": null,
"severity_color": "#99D18B",
"severity_color_light": "#DCEFD7",
"severity_label": "normal",
"severity_label_localized": null,
"severity_value": 2.0,
"threshold_value": 80.0
}
]
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "1",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": 0.999,
"anomaly_detection_training_window": "-7d",
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)`",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "",
"enabled": false,
"entity_filter_field": "",
"entity_split_field": "",
"entity_statop": "avg",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": [
{
"dynamic_param": null,
"severity_color": "#B50101",
"severity_color_light": "#E5A6A6",
"severity_label": "critical",
"severity_label_localized": null,
"severity_value": 6.0,
"threshold_value": 0.0
},
{
"dynamic_param": null,
"severity_color": "#F26A35",
"severity_color_light": "#FBCBB9",
"severity_label": "high",
"severity_label_localized": null,
"severity_value": 5.0,
"threshold_value": 20.0
},
{
"dynamic_param": null,
"severity_color": "#FCB64E",
"severity_color_light": "#FEE6C1",
"severity_label": "medium",
"severity_label_localized": null,
"severity_value": 4.0,
"threshold_value": 40.0
},
{
"dynamic_param": null,
"severity_color": "#FFE98C",
"severity_color_light": "#FFF4C5",
"severity_label": "low",
"severity_label_localized": null,
"severity_value": 3.0,
"threshold_value": 60.0
},
{
"dynamic_param": null,
"severity_color": "#99D18B",
"severity_color_light": "#DCEFD7",
"severity_label": "normal",
"severity_label_localized": null,
"severity_value": 2.0,
"threshold_value": 80.0
}
]
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": false,
"key": "SHKPI-da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds",
"kpi_base_search": "",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)` | stats latest(health_score) AS aggregate",
"search_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)` | stats latest(health_score) AS aggregate",
"search_alert": "",
"search_alert_earliest": "15",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": null,
"search_occurrences": 1.0,
"search_time_compare": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)` [| stats count | addinfo | eval search= \"earliest=\" + tostring(info_min_time-(info_max_time-info_min_time))+ \" latest=\" + tostring(info_max_time) |fields search] | addinfo | eval bucket=if(_time<info_max_time-((info_max_time-info_min_time)/2), \"last_window\", \"current_window\") | stats avg(health_score) AS aggregate BY bucket | reverse | delta aggregate AS window_delta | search bucket=current_window | eval window_direction=if(window_delta >0, \"increase\", if(window_delta < 0, \"decrease\", \"none\"))",
"search_time_series": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)` | timechart avg(health_score) AS aggregate",
"search_time_series_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds)` | timechart avg(health_score) AS aggregate",
"search_time_series_entities": "",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "aggregate",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#AED3E5",
"base_severity_color_light": "#E3F0F6",
"base_severity_label": "info",
"base_severity_value": 1.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#AED3E5",
"base_severity_color_light": "#E3F0F6",
"base_severity_label": "info",
"base_severity_value": 1.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "ServiceHealthScore",
"trending_ad": {
"sensitivity": 8
},
"type": "service_health",
"tz_offset": null,
"unit": "",
"urgency": 11.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory reads coming from Knowledge Consistency Checker (KCC), an Active Directory component that is responsible for the generating the replication topology between domain controllers.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20, true, true, true)` | eval kpi=\"Base searches/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20, true, true, true)` | eval kpi=\"Base searches/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-81e931a2b3ebda23cc011d20)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Base searches/sec\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "Base searches/sec",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "/sec",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Shows the number of directory modifys per second.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3, true, true, true)` | eval kpi=\"Database modifys/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3, true, true, true)` | eval kpi=\"Database modifys/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-2b6ce96398874863559d8bd3)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"Database modifys/sec\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "Database modifys/sec",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "/sec",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory reads coming from Knowledge Consistency Checker (KCC), an Active Directory component that is responsible for the generating the replication topology between domain controllers.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e, true, true, true)` | eval kpi=\"DS % Reads from KCC\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e, true, true, true)` | eval kpi=\"DS % Reads from KCC\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d9ed877dcc0410f9ee0c9c9e)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from KCC\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Reads from KCC",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory reads coming from Local Security Authority (LSA), a protected subsystem that maintains the security for the local computer.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9, true, true, true)` | eval kpi=\"DS % Reads from LSA\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9, true, true, true)` | eval kpi=\"DS % Reads from LSA\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-c702be7e31ecced6ca335bb9)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from LSA\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Reads from LSA",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory reads coming from Security Accounts Manager (SAM) interface, that provides compatibility between Windows 2000 and Windows NT 4.0 domains. The Lightweight Directory Access Protocol (LDAP) interface that provides the API for LDAP clients and exposes the Active Directory Services Interface (ADSI) so additional applications may be written that can talk to the Active Directory.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8, true, true, true)` | eval kpi=\"DS % Reads from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8, true, true, true)` | eval kpi=\"DS % Reads from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-31882ca5a3c42c08b3d00ea8)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Reads from SAM\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Reads from SAM",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory searches coming from Knowledge Consistency Checker (KCC), an Active Directory component that is responsible for the generating the replication topology between domain controllers.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82, true, true, true)` | eval kpi=\"DS % Searches from KCC\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82, true, true, true)` | eval kpi=\"DS % Searches from KCC\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2d4d682fc06d7ac9c354c82)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from KCC\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Searches from KCC",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory searches coming from Lightweight Directory Access Protocol (LDAP) interface that provides the API for LDAP clients and exposes the Active Directory Services Interface (ADSI) so additional applications may be written that can talk to the Active Directory.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d, true, true, true)` | eval kpi=\"DS % Searches from LDAP\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d, true, true, true)` | eval kpi=\"DS % Searches from LDAP\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-637389fdbebffd6375e0ef9d)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LDAP\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Searches from LDAP",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory searches coming from Local Security Authority (LSA), a protected subsystem that maintains the security for the local computer.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3, true, true, true)` | eval kpi=\"DS % Searches from LSA\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3, true, true, true)` | eval kpi=\"DS % Searches from LSA\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-58651c7723d27e915b6ad1d3)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from LSA\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Searches from LSA",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory searches coming from Active Directory Domain Services API.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed, true, true, true)` | eval kpi=\"DS % Searches from NTDSAPI\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed, true, true, true)` | eval kpi=\"DS % Searches from NTDSAPI\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ee24b0a03bb3db3f9e5c48ed)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from NTDSAPI\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Searches from NTDSAPI",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory searches coming from Security Accounts Manager (SAM) interface, that provides compatibility between Windows 2000 and Windows NT 4.0 domains.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b, true, true, true)` | eval kpi=\"DS % Searches from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b, true, true, true)` | eval kpi=\"DS % Searches from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-d8c6cf4019a6bd6b06e9d22b)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Searches from SAM\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Searches from SAM",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory writes coming from Lightweight Directory Access Protocol (LDAP) interface that provides the API for LDAP clients and exposes the Active Directory Services Interface (ADSI) so additional applications may be written that can talk to the Active Directory.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca, true, true, true)` | eval kpi=\"DS % Writes from LDAP\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca, true, true, true)` | eval kpi=\"DS % Writes from LDAP\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ad56161c608cbeab423466ca)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from LDAP\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Writes from LDAP",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory writes coming from Active Directory Domain Services API.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7, true, true, true)` | eval kpi=\"DS % Writes from NTDSAPI\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7, true, true, true)` | eval kpi=\"DS % Writes from NTDSAPI\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-3667936b42c34552377eacf7)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from NTDSAPI\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Writes from NTDSAPI",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": "",
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": "",
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Percentage of directory writes coming from Security Accounts Manager (SAM) interface, that provides compatibility between Windows 2000 and Windows NT 4.0 domains.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1, true, true, true)` | eval kpi=\"DS % Writes from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1, true, true, true)` | eval kpi=\"DS % Writes from SAM\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-ce5ffc8cd6389c165415e3c1)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS % Writes from SAM\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": "",
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS % Writes from SAM",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "%",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Shows the number of directory reads per second.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c, true, true, true)` | eval kpi=\"DS Directory Reads/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c, true, true, true)` | eval kpi=\"DS Directory Reads/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-804dc1243ba1820c08a85c4c)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Reads/sec\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS Directory Reads/sec",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "/sec",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Shows the number of directory searches per second.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301, true, true, true)` | eval kpi=\"DS Directory Searches/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301, true, true, true)` | eval kpi=\"DS Directory Searches/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-e2a81444ee5f93fd46af0301)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Searches/sec\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS Directory Searches/sec",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "/sec",
"urgency": 5.0,
"use_time_policies": false
},
{
"adaptive_thresholding_training_window": "-7d",
"adaptive_thresholds_is_enabled": false,
"aggregate_eval": null,
"aggregate_statop": "max",
"aggregate_threshold_alert_enabled": false,
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"aggregate_thresholds_alert_enabled": false,
"aggregate_thresholds_custom_alert_enabled": false,
"aggregate_thresholds_custom_alert_rules": [],
"alert_eval": null,
"alert_lag": "30",
"alert_on": "both",
"alert_period": "5",
"anomaly_detection_alerting_enabled": false,
"anomaly_detection_is_enabled": false,
"anomaly_detection_sensitivity": null,
"anomaly_detection_training_window": null,
"backfill_earliest_time": "-7d",
"backfill_enabled": false,
"base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\"",
"base_search_id": null,
"base_search_metric": null,
"cohesive_ad": {
"sensitivity": 8
},
"cohesive_anomaly_detection_is_enabled": false,
"datamodel": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"datamodel_filter": [],
"datamodel_filter_clauses": null,
"description": "Shows the number of directory writes per second.",
"enabled": true,
"entity_filter_field": "host",
"entity_split_field": "host",
"entity_statop": "max",
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"fill_gaps": "null_value",
"gap_custom_alert_value": 0.0,
"gap_severity": "unknown",
"gap_severity_color": "#CCCCCC",
"gap_severity_color_light": "#EEEEEE",
"gap_severity_value": "-1",
"is_filter_entities_to_service": false,
"is_split_by_entity": true,
"key": "da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3",
"kpi_base_search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\"",
"kpi_template_kpi_id": "",
"kpi_threshold_template_id": "",
"metric_qualifier": null,
"metric_search_spec": {
"metric_index": "",
"metric_name": ""
},
"search": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3, true, true, true)` | eval kpi=\"DS Directory Writes/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3)`",
"search_alert": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_entity(max, Value, \"host\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(host, sec_grp)` | eval serviceid = \"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `aggregate_entity_into_service(max)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3, true, true, true)` | eval kpi=\"DS Directory Writes/sec\", urgency=\"5\", alert_period=\"5\", serviceid=\"da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds\" | `assess_urgency` | `gettime`",
"search_alert_earliest": "5",
"search_alert_entities": "",
"search_buckets": "",
"search_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_single_value(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3)`",
"search_occurrences": 1.0,
"search_time_compare": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_and_compare(max, max, Value, \"host\", 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3)`",
"search_time_series": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3)`",
"search_time_series_aggregate": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_entity_time_series(max, Value, \"host\", 5)` | `aggregate_entity_into_service_time_series(max, 5)` | `assess_severity(da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds, da-itsi-cp-microsoft-exchange-bab540df27f7ec5286ade7e3)`",
"search_time_series_entities": "eventtype=msperfmon-index ms_exchange_host=\"true\" eventtype=msexchange-perfmon counter=\"DS Directory Writes/sec\" | `aggregate_raw_into_limited_entity_time_series(max, Value, \"host\", 5)`",
"search_type": "adhoc",
"service_title": "MSExchange_BaseMetrics_NTDS",
"threshold_eval": null,
"threshold_field": "Value",
"time_policies": {
"policies": {
"default_policy": {
"aggregate_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"entity_thresholds": {
"base_severity_color": "#99D18B",
"base_severity_color_light": "#DCEFD7",
"base_severity_label": "normal",
"base_severity_value": 2.0,
"gauge_max": 100,
"gauge_min": 0,
"is_max_static": false,
"is_min_static": true,
"metric_field": "count",
"render_boundary_max": 100.0,
"render_boundary_min": 0.0,
"threshold_levels": []
},
"policy_type": "static",
"time_blocks": [],
"title": "Default"
}
}
},
"title": "DS Directory Writes/sec",
"trending_ad": {
"sensitivity": 8
},
"type": "kpis_primary",
"tz_offset": null,
"unit": "/sec",
"urgency": 5.0,
"use_time_policies": false
}
],
"service_tags": {
"tags": [],
"template_tags": []
},
"service_template_id": "",
"services_depending_on_me": [
{
"kpis_depending_on": [
"SHKPI-da-itsi-cp-microsoft-exchange-msexchange-basemetrics-ntds"
],
"service_id": "da-itsi-cp-microsoft-exchange-msexchange-basemetrics"
}
],
"services_depends_on": [],
"team_id": "default_itsi_security_group",
"title": "MSExchange_BaseMetrics_NTDS",
"version": "0.0.33"
}
Reference in new issue View Git Blame Copy Permalink