
# Telemetry report of RapidDiag task and collector executions, built from
# index=_internal (sourcetype splunk_rapid_diag) on the local server.
# Each output event carries data.type (component), data.metricName,
# data.status and data.count.
# Privacy: the task/collector name is replaced by a truncated SHA-256 digest
# before the event is handed to outputtelemetry. The digest is unsalted here,
# whereas the "UI access statistics" stanza in this file prepends telemetrySalt
# before hashing.
# NOTE(review): an unsalted digest of a short or user-chosen name can be matched
# against a list of candidate names; confirm whether names should be salted too.
# NOTE(review): SPL substr() positions are 1-based, so a start of 0 probably
# yields 11 characters rather than 12; confirm before relying on the length.
[RapidDiag Telemetry: Execution statistics]
search = index=_internal sourcetype="splunk_rapid_diag" splunk_server="local" (component=task OR (component=collector internal=False)) name=* status=* \
| table component, name, status \
| eval name=substr(sha256(name),0,12) \
| stats count AS data.count by component, name, status \
| rename status as data.status, name as data.metricName, component AS data.type \
| makejson data.* output=event
# Scheduled search; its result events go to the outputtelemetry alert action.
enableSched=1
action.outputtelemetry = 1
# NOTE(review): anonymous/support/license presumably select which usage-data
# categories receive the event, and optinrequired the opt-in version required;
# confirm against the splunk_instrumentation app.
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.executionMetrics
# The JSON built by makejson (field "event") is the telemetry payload.
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
# Runs daily at 03:00, looking back one day (no dispatch.latest_time is set here).
cron_schedule = 0 3 * * *
dispatch.earliest_time = -1d
# Telemetry report of GET requests to the RapidDiag UI pages, built from
# index=_internal (sourcetype splunkd_ui_access) on the local server.
# Each output event carries data.user, data.uri_path, data.status and data.count.
# Privacy: the user name is never sent in clear. The subsearch reads
# telemetrySalt from the splunk_instrumentation REST endpoint, "format" turns it
# into a telemetrySalt="..." expression, and the sed rex strips the parentheses
# so that the outer eval can assign it. data.user is then a truncated SHA-256 of
# salt + user.
# NOTE(review): SPL substr() positions are 1-based, so a start of 0 probably
# yields 11 characters rather than 12; confirm before relying on the length.
# NOTE(review): if the REST call returns no salt (for example because the search
# owner cannot read the endpoint), the generated eval expression is likely
# invalid and the search fails, so no unsalted digests would be sent; confirm.
# NOTE(review): the four app/splunk_rapid_diag/... terms are unfielded, so they
# match anywhere in the event rather than only in uri_path. uri_path and status
# are forwarded verbatim; confirm that reported paths cannot fall outside this app.
[RapidDiag Telemetry: UI access statistics]
search = index=_internal sourcetype="splunkd_ui_access" app/splunk_rapid_diag/task_manager OR app/splunk_rapid_diag/task_template_wizard OR app/splunk_rapid_diag/data_collection OR app/splunk_rapid_diag/reference_guide method=GET splunk_server="local" \
| table user, uri_path, status \
| stats count AS data.count by user, uri_path, status \
| eval [| rest splunk_server=local /servicesNS/nobody/splunk_instrumentation/telemetry \
| table telemetrySalt \
| format \
| rex field=search mode=sed "s/[()]//g"] \
| eval data.user=substr(sha256(telemetrySalt + user),0,12) \
| rename uri_path as data.uri_path, status as data.status \
| makejson data.* output=event
# Scheduled search; its result events go to the outputtelemetry alert action.
enableSched=1
action.outputtelemetry = 1
# NOTE(review): anonymous/support/license presumably select which usage-data
# categories receive the event, and optinrequired the opt-in version required;
# confirm against the splunk_instrumentation app.
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.uiAccessMetrics
# The JSON built by makejson (field "event") is the telemetry payload.
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
# Runs daily at 03:05, looking back one day (no dispatch.latest_time is set here).
cron_schedule = 5 3 * * *
dispatch.earliest_time = -1d
# Telemetry report of RapidDiag CLI invocations, built from index=_internal
# (sourcetype splunk_rapid_diag, component=cli_internal) on the local server.
# Only events logged with token_auth=False are counted.
# Each output event carries data.mode, data.action, data.result and data.count.
# No user, host or argument field is selected by this search.
# NOTE(review): mode, action and result are forwarded verbatim, without hashing;
# confirm that the CLI logs them as fixed enumerations and never as free-form
# input such as paths or arguments.
[RapidDiag Telemetry: CLI access statistics]
search = index=_internal sourcetype="splunk_rapid_diag" splunk_server="local" component=cli_internal token_auth=False mode=* action=* result=* \
| table mode, action , result \
| stats count AS data.count by mode, action, result \
| rename mode as data.mode, action as data.action , result AS data.result \
| makejson data.* output=event
# Scheduled search; its result events go to the outputtelemetry alert action.
enableSched=1
action.outputtelemetry = 1
# NOTE(review): anonymous/support/license presumably select which usage-data
# categories receive the event, and optinrequired the opt-in version required;
# confirm against the splunk_instrumentation app.
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.cliAccessMetrics
# The JSON built by makejson (field "event") is the telemetry payload.
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
# Runs daily at 03:10, looking back one day (no dispatch.latest_time is set here).
cron_schedule = 10 3 * * *
dispatch.earliest_time = -1d