admingit
/
Deployement_Server_old
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2c6cc4836c'
${ noResults }
Deployement_Server_old/apps/splunk_rapid_diag/default/savedsearches.conf

60 lines
2.9 KiB
Raw Blame History

[RapidDiag Telemetry: Execution statistics]
search = index=_internal sourcetype="splunk_rapid_diag" splunk_server="local" (component=task OR (component=collector internal=False)) name=* status=* \
| table component, name, status \
| eval name=substr(sha256(name),0,12) \
| stats count AS data.count by component, name, status \
| rename status as data.status, name as data.metricName, component AS data.type \
| makejson data.* output=event
enableSched=1
action.outputtelemetry = 1
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.executionMetrics
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
cron_schedule = 0 3 * * *
dispatch.earliest_time = -1d
[RapidDiag Telemetry: UI access statistics]
search = index=_internal sourcetype="splunkd_ui_access" app/splunk_rapid_diag/task_manager OR app/splunk_rapid_diag/task_template_wizard OR app/splunk_rapid_diag/data_collection OR app/splunk_rapid_diag/reference_guide method=GET splunk_server="local" \
| table user, uri_path, status \
| stats count AS data.count by user, uri_path, status \
| eval [| rest splunk_server=local /servicesNS/nobody/splunk_instrumentation/telemetry \
| table telemetrySalt \
| format \
| rex field=search mode=sed "s/[()]//g"] \
| eval data.user=substr(sha256(telemetrySalt + user),0,12) \
| rename uri_path as data.uri_path, status as data.status \
| makejson data.* output=event
enableSched=1
action.outputtelemetry = 1
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.uiAccessMetrics
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
cron_schedule = 5 3 * * *
dispatch.earliest_time = -1d
[RapidDiag Telemetry: CLI access statistics]
search = index=_internal sourcetype="splunk_rapid_diag" splunk_server="local" component=cli_internal token_auth=False mode=* action=* result=* \
| table mode, action , result \
| stats count AS data.count by mode, action, result \
| rename mode as data.mode, action as data.action , result AS data.result \
| makejson data.* output=event
enableSched=1
action.outputtelemetry = 1
action.outputtelemetry.param.anonymous = 1
action.outputtelemetry.param.support = 1
action.outputtelemetry.param.license = 0
action.outputtelemetry.param.optinrequired = 3
action.outputtelemetry.param.component = app.RapidDiag.cliAccessMetrics
action.outputtelemetry.param.input = event
action.outputtelemetry.param.type = aggregate
cron_schedule = 10 3 * * *
dispatch.earliest_time = -1d
Reference in new issue View Git Blame Copy Permalink