
# Splunk macros.conf: each stanza is a search macro expanded with `name`;
# a "(1)" suffix on the stanza name is the macro's argument count.
# Comments are full lines starting with "#"; never place one inside a
# backslash-continued "definition =" value, it would become part of the SPL.
#
# Same "+Infinity" handling as HandleInfoMaxTimeNow (addinfo reports
# info_max_time="+Infinity" when latest is unbounded, here replaced by now()),
# and additionally copies the resolved value into _time.
[SetHandleInfoMaxTimeNow]
definition = addinfo | eval info_max_time=if(info_max_time="+Infinity",now(),info_max_time) | eval _time=info_max_time
# Shared tstats prefix: prestats=true leaves the output in prestats form for a
# following stats command, local=false allows distributed execution, and the
# summary options come from the `summariesonly` macro below.
[tstats]
definition = tstats prestats=true local=false `summariesonly`
# Summary options appended to tstats: only accelerated data-model summaries
# are searched, and summaries built from an older model version are accepted.
[summariesonly]
definition = summariesonly=true allow_old_summaries=true
# process_inventory: turns Inventory.* events into one row per VM file with
# its snapshot and placement details.
#   1. stats collects filename/fileattributes/Snapshots/type per
#      _time, host, Inventory.moid.
#   2. fileattributes is expanded and split on ","; index 0/1/2 of the
#      resulting "fields" multivalue are used as filename/filetype/filesize.
#   3. multilevelsnapshots (a custom command; presumably provided by this app)
#      is run per snapshot, after which filename is re-derived and renamed to
#      filename_merged; the rex then splits "[datastore] path" into
#      filedatastore and filename.
#   4. The "N/A" / 0 placeholders for snapshot fields become null() so that
#      first() in the following stats skips them.
#   5. Only *.vmsn, *.vmsd and *.vmdk files are kept.
#   6. Two FullHierarchy lookups resolve host+moid -> hs, rp and then
#      host+hs -> parent, parentType; ccr is the parent when parentType is
#      ClusterComputeResource, otherwise "N/A". (hs/rp look like host system
#      and resource pool ids -- verify against the FullHierarchy lookup.)
# The trailing "\" continues the definition onto the next line; some lines
# have no space before it (e.g. "_span\"), which SPL tolerates because "|"
# is the next token. Do not insert comment lines inside the value.
# iseval = 0: the macro body is an SPL fragment, not an eval expression.
[process_inventory]
definition = stats \
values("Inventory.filename") AS filename \
values("Inventory.fileattributes") AS fileattributes \
values("Inventory.Snapshots") AS Snapshots \
values("Inventory.type") AS type by _time, host, "Inventory.moid" \
| mvexpand fileattributes \
| eval fields=split(fileattributes,",") \
| eval filename=mvindex(fields,0) \
| addinfo \
| fields - _span\
| rename "Inventory.moid" as moid\
| mvexpand Snapshots \
| multilevelsnapshots Snapshots filename\
| eval filename=mvindex(fields,0) \
| eval filetype=mvindex(fields,1) \
| eval filesize=mvindex(fields,2) \
| rename filename as filename_merged, snapshot_name as ssname, snapshot_descr as ssdescr, snapshot_time as sstime, snapshot_state as ssstate, snapshot_depth as ssdepth\
| rex field=filename_merged "\[(?<filedatastore>.*)\] (?<filename>.*)"\
| table _time, moid, type, host, filesize, filetype, filename, ssname, ssdescr, sstime, ssstate, ssdepth, info_max_time, filedatastore\
| sort 0 -_time\
| eval ssdepth=if(ssdepth==0, null(), ssdepth)\
| eval ssname=if(ssname=="N/A", null(), ssname)\
| eval ssdescr=if(ssdescr=="N/A", null(), ssdescr)\
| eval sstime=if(sstime=="N/A", null(), sstime)\
| eval ssstate=if(ssstate=="N/A", null(), ssstate)\
| stats first(ssname) AS snapshotName, first(ssdescr) AS snapshotDescr, first(sstime) AS snapshotTime, first(ssstate) AS snapshotState, first(ssdepth) AS snapshotDepth, first(filedatastore) AS filedatastore, first(filesize) AS filesize, first(filetype) AS filetype, max(info_max_time) AS info_max_time by _time, filename, host, moid \
| search filename="*.vmsn" OR filename="*.vmsd" OR filename="*.vmdk" \
| lookup FullHierarchy host, moid OUTPUT parent as hs, rp\
| lookup FullHierarchy host, moid as hs OUTPUT parent, parentType\
| eval ccr=if(parentType=="ClusterComputeResource", parent, "N/A")\
| fields - parent, parentType, info_max_time
iseval = 0
# format_bytes(bytes): eval expression returning a human-readable size string.
# Thresholds are 1024-based but labelled GB/MB/KB. GB and MB keep two
# decimals; KB uses round() with no precision, i.e. a whole number; anything
# not above 1024 is printed as "<n> Bytes". Comparisons are strict ">", so an
# exact multiple (1024, 1048576, ...) falls into the smaller unit.
[format_bytes(1)]
args =bytes
definition =if($bytes$>1073741824, tostring(round($bytes$/1073741824,2))+" GB", if($bytes$>1048576, tostring(round($bytes$/1048576,2))+" MB", if($bytes$>1024, tostring(round($bytes$/1024))+" KB", tostring($bytes$)+" Bytes")))
# BytesToGigaBytes(bytes): bytes / 1024^3, rounded to two decimals, as a
# string (gibibytes, despite the name). No unit suffix is appended.
[BytesToGigaBytes(1)]
args = bytes
definition = tostring(round(($bytes$)/(1024*1024*1024), 2))
# vCenter log base search: index from the `vmwarevclog-index` macro, limited
# to the vmware:vclog* and vmware:vclicense sourcetypes.
[VcLogSourcetypes]
definition = `vmwarevclog-index` (sourcetype=vmware:vclog* OR sourcetype=vmware:vclicense)
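# nonroutableIP: search-time CIDR match on the ipAddress field for addresses
# that are not globally routable (RFC 1918 private space plus loopback).
# RFC 1918 defines 172.16.0.0/12 and 192.168.0.0/16; the earlier /16 and /24
# masks only covered 172.16.x.x and 192.168.0.x, so hosts in 172.17-31.x.x
# and 192.168.1-255.x were classified as routable. Loopback is the whole
# 127.0.0.0/8, which still includes the previous 127.0.0.1 single host.
# Not covered here: link-local 169.254.0.0/16 and shared address space
# 100.64.0.0/10 (RFC 6598); extend the list if the data contains them.
[nonroutableIP]
definition = (ipAddress=10.0.0.0/8 OR ipAddress=172.16.0.0/12 OR ipAddress=192.168.0.0/16 OR ipAddress=127.0.0.0/8)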
# Index indirection macros. Searches reference these by name so that each
# data type can later be moved to its own index; in this deployment all six
# currently resolve to the same index (idx_m-tic_esxi). Change the value here
# rather than in the searches.
[vmwareperf-metrics-index]
definition = index=idx_m-tic_esxi
[vmwareinv-index]
definition = index=idx_m-tic_esxi
[vmwaretaskevent-index]
definition = index=idx_m-tic_esxi
[vmwarevclog-index]
definition = index=idx_m-tic_esxi
[vmwareesxilog-index]
definition = index=idx_m-tic_esxi
[ontap-index]
definition = index=idx_m-tic_esxi
# HandleNavTimerange: after addinfo, an unbounded info_max_time ("+Infinity")
# is replaced with now()+315569260 (roughly ten years in seconds; the same
# constant is used in HandleInfoMaxTime). The where clause then keeps rows
# whose [info_min_time, info_max_time] interval overlaps [startTime, endTime]
# (the four OR'd comparisons cover start-inside, end-inside, and the two
# straddling cases), or, when current == "true", whose info_max_time lies
# within the last 60 seconds. startTime, endTime and current are expected to
# exist already -- presumably set by the calling search or dashboard.
[HandleNavTimerange]
definition = addinfo | eval info_max_time=if(info_max_time="+Infinity",now()+315569260,info_max_time) | where ((info_min_time > startTime) AND (info_min_time < endTime)) OR ((info_max_time > startTime) AND (info_max_time < endTime)) OR ((info_min_time < startTime) AND (info_max_time > startTime)) OR ((info_min_time < endTime) AND (info_max_time > endTime)) OR (((now() - 60) < info_max_time) AND (current == "true"))
# HandleInfoMaxTime: replaces an unbounded info_max_time ("+Infinity") with a
# far-future epoch, now()+315569260 (about ten years), so numeric comparisons
# against it work.
[HandleInfoMaxTime]
definition = addinfo | eval info_max_time=if(info_max_time="+Infinity",now()+315569260,info_max_time)
# HandleInfoMaxTimeNow: like HandleInfoMaxTime but clamps an unbounded
# info_max_time to now() instead of a far-future value.
[HandleInfoMaxTimeNow]
definition = addinfo | eval info_max_time=if(info_max_time="+Infinity",now(),info_max_time)
# HandleFourHourWindowEndConditional: a subsearch producing "latest=<end>
# earliest=<start>" terms. endtimeu is the resolved info_max_time; if the
# selected range is shorter than four hours (14400 s) starttimeu is pushed
# back to endtimeu-14400, otherwise the original info_min_time is kept -- so
# the emitted window is never shorter than four hours. The `| stats count`
# seed yields the single row addinfo annotates, and returning a field named
# "search" makes Splunk splice its value into the outer search verbatim.
[HandleFourHourWindowEndConditional]
definition = [| stats count | `HandleInfoMaxTimeNow` | eval starttimeu=if(info_max_time-info_min_time < 14400, info_max_time-14400, info_min_time) | eval endtimeu=info_max_time | eval search=("latest=" + endtimeu + " earliest=" + starttimeu) | fields search]