[generic] title = Generic Default Template _key = generic data_source = generic mapping_fields = [ \ { \ "name": "src", \ "display_name": "Source", \ "type": "source_field", \ "required": true, \ "default_value": "generic" \ }, \ { \ "name": "signature", \ "display_name": "Signature", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_generic_signature" \ }, \ { \ "name": "vendor_severity", \ "display_name": "Vendor Severity", \ "type": "notable_event_field", \ "required": true, \ "default_value": "OK" \ }, \ { \ "name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": true, \ "default_value": "1", \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "critical", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "6" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "high", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "5" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "medium", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "4" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "low", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "3" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "normal", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "2" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "info", \ "case_sensitive": false \ } \ 
], \ "outcomes": [ \ { \ "type": "conf", \ "value": "1" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "warning", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "3" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "ok", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "2" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "down", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "6" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "up", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "2" \ } \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ { \ "type": "conf", \ "value": "1" \ } \ ] \ } \ ] \ }, \ { \ "name": "title", \ "display_name": "Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ 
"required": false \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownLatestOffset}", ["900"]] \ }, \ { \ "name": "itsiDrilldownWebName", \ "display_name": "ITSI Drilldown Website Name", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": false, \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebName", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{itsiDrilldownWebName}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebURL", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ "Sorry, no external drilldown available" \ ] \ } \ ] \ }, \ { \ "name": "itsiDrilldownWebURL", \ "display_name": "ITSI Drilldown Website URL", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \ }, \ { \ "name": "itsi_instruction", \ "display_name": "ITSI Instruction", \ "type": "notable_event_field", \ "required": 
false \ } \ ] throttling_group_by_fields = ["signature", "src", "subcomponent"] mapping_field_options = [] status_id_mapping = [nagios] title = Nagios Default Template _key = nagios data_source = nagios mapping_fields = [ \ { \ "name": "src", \ "display_name": "Source", \ "type": "source_field", \ "default_value": "nagios", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{src}", "{src_host}", "{host}", ["nagios"]] \ }, \ { \ "name": "signature", \ "display_name": "Signature", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_nagios_signature", \ "input_type": "composition", \ "default_selected_field": "eventname" \ }, \ { \ "name": "vendor_severity", \ "display_name": "Vendor Severity", \ "type": "notable_event_field", \ "required": true, \ "default_value": "OK", \ "input_type": "composition", \ "default_selected_field": "status_code" \ }, \ { \ "name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": true, \ "default_value": "1", \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "critical", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "6" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "warning", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "3" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "ok", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "2" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "down", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "6" 
\ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "up", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "2" \ } \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ { \ "type": "conf", \ "value": "1" \ } \ ] \ } \ ] \ }, \ { \ "name": "title", \ "display_name": "Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "body" \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "app" \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ 
"rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownLatestOffset}", ["900"]] \ }, \ { \ "name": "itsiDrilldownWebName", \ "display_name": "ITSI Drilldown Website Name", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": false, \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebName", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{itsiDrilldownWebName}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebURL", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ "Sorry, no external drilldown available" \ ] \ } \ ] \ }, \ { \ "name": "itsiDrilldownWebURL", \ "display_name": "ITSI Drilldown Website URL", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \ }, \ { \ "name": "itsi_instruction", \ "display_name": "ITSI Instruction", \ "type": "notable_event_field", \ "required": false \ } \ ] throttling_group_by_fields = ["signature", "src", "subcomponent"] mapping_field_options = [] status_id_mapping = [scom] title = Microsoft SCOM Default Template _key = scom data_source = scom mapping_fields = [ \ { \ "name": "src", \ "display_name": "Source", \ "type": "source_field", \ "required": true, \ "default_value": "scom", \ "input_type": "composition", \ "default_selected_field": "host" \ }, \ { \ "name": "signature", \ "display_name": "Signature", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_scom_signature", \ 
"input_type": "composition", \ "default_selected_field": "name" \ }, \ { \ "name": "vendor_severity", \ "display_name": "Vendor Severity", \ "type": "notable_event_field", \ "required": true, \ "default_value": "informational", \ "input_type": "composition", \ "default_selected_field": "vendor_severity" \ }, \ { \ "name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": true, \ "default_value": "1", \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "critical", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "6" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "error", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "5" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "warning", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "4" \ } \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "vendor_severity", \ "operator": "==", \ "value": "informational", \ "case_sensitive": false \ } \ ], \ "outcomes": [ \ { \ "type": "conf", \ "value": "1" \ } \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ { \ "type": "conf", \ "value": "1" \ } \ ] \ } \ ] \ }, \ { \ "name": "title", \ "display_name": "Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ 
"default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "description" \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownLatestOffset}", ["900"]] \ }, \ { \ "name": "itsiDrilldownWebName", \ "display_name": "ITSI Drilldown Website Name", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": false, \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebName", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{itsiDrilldownWebName}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebURL", \ 
"operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ "Sorry, no external drilldown available" \ ] \ } \ ] \ }, \ { \ "name": "itsiDrilldownWebURL", \ "display_name": "ITSI Drilldown Website URL", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \ }, \ { \ "name": "itsi_instruction", \ "display_name": "ITSI Instruction", \ "type": "notable_event_field", \ "required": false \ } \ ] throttling_group_by_fields = ["signature", "src", "subcomponent"] mapping_field_options = [] status_id_mapping = [o11y] title = O11y Default Template _key = o11y data_source = o11y mapping_fields = [ \ { \ "name": "src", \ "display_name": "Source", \ "type": "source_field", \ "required": true, \ "default_value": "o11y", \ "input_type": "composition", \ "default_selected_field": "src" \ }, \ { \ "name": "signature", \ "display_name": "Signature", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_o11y_signature", \ "input_type": "composition", \ "default_selected_field": "signature" \ }, \ { \ "name": "vendor_severity", \ "display_name": "Vendor Severity", \ "type": "notable_event_field", \ "required": true, \ "default_value": "OK", \ "input_type": "composition", \ "default_selected_field": "vendor_severity" \ }, \ { \ "name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "required": true, \ "default_value": "1", \ "input_type": "composition", \ "default_selected_field": "severity_id" \ }, \ { \ "name": "title", \ "display_name": "Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title", \ "input_type": "composition", \ "default_selected_field": "signature" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ 
"default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "description" \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "app" \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownLatestOffset}", ["900"]] \ }, \ { \ "name": "itsiDrilldownWebName", \ "display_name": "ITSI Drilldown Website Name", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": false, \ 
"values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebName", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{itsiDrilldownWebName}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebURL", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ "Sorry, no external drilldown available" \ ] \ } \ ] \ }, \ { \ "name": "itsiDrilldownWebURL", \ "display_name": "ITSI Drilldown Website URL", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \ }, \ { \ "name": "itsi_instruction", \ "display_name": "ITSI Instruction", \ "type": "notable_event_field", \ "required": false \ } \ ] throttling_group_by_fields = ["signature", "src", "subcomponent"] mapping_field_options = [] status_id_mapping = [appdynamics] title = Splunk AppDynamics Default Template _key = appdynamics data_source = appdynamics mapping_fields = [ \ { \ "name": "src", \ "display_name": "Source", \ "type": "source_field", \ "required": true, \ "default_value": "appdynamics", \ "input_type": "composition", \ "default_selected_field": "src" \ }, \ { \ "name": "signature", \ "display_name": "Signature", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_appdynamics_signature", \ "input_type": "composition", \ "default_selected_field": "signature" \ }, \ { \ "name": "vendor_severity", \ "display_name": "Vendor Severity", \ "type": "notable_event_field", \ "required": true, \ "default_value": "OK", \ "input_type": "composition", \ "default_selected_field": "vendor_severity" \ }, \ { \ "name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "required": true, \ "default_value": "1", \ "input_type": "composition", \ "default_selected_field": "severity_id" \ }, \ { \ "name": "title", \ "display_name": 
"Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title", \ "input_type": "composition", \ "default_selected_field": "signature" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "description" \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "app" \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ 
"rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownLatestOffset}", ["900"]] \
    }, \
    { \
        "name": "itsiDrilldownWebName", \
        "display_name": "ITSI Drilldown Website Name", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "case", \
        "required": false, \
        "values": [ \
            { \
                "condition": "IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebName", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{itsiDrilldownWebName}" \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebURL", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{title}" \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownURI", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{title}" \
                ] \
            }, \
            { \
                "condition": "ELSE", \
                "outcomes": [ \
                    "Sorry, no external drilldown available" \
                ] \
            } \
        ] \
    }, \
    { \
        "name": "itsiDrilldownWebURL", \
        "display_name": "ITSI Drilldown Website URL", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownURI}", "{itsiDrilldownWebURL}", ["https://splunk.com"]] \
    }, \
    { \
        "name": "itsi_instruction", \
        "display_name": "ITSI Instruction", \
        "type": "notable_event_field", \
        "required": false \
    } \
]
throttling_group_by_fields = ["signature", "src", "subcomponent"]
mapping_field_options = []
status_id_mapping =

# [cloudtrail]: default template mapping CloudTrail events onto notable-event fields.
# Default source fields (default_selected_field) set in mapping_fields:
#   src <- eventSource, signature <- eventName, vendor_severity <- errorCode,
#   title <- eventID, description <- errorMessage, app <- app.
# severity_id is a two-branch case rule: errorCode != "Success" gives "6", the
# same value other templates in this file give to "critical"/"down"; anything
# else gives "1". Every error code is therefore rated alike, so severity_id
# alone cannot separate routine failures from authorization failures worth triage.
# NOTE(review): this clause omits "case_sensitive": false, which the
# vendor_severity clauses elsewhere in the file set, and raw CloudTrail records
# normally carry errorCode only for failed calls. Confirm the exact string (and
# case) the ingest pipeline stores in errorCode for successful calls and how
# "!=" treats a missing field; a mismatch would rate every event "6".
# NOTE(review): itsiDrilldownWebURL takes its value from the event's own field
# before the https://splunk.com fallback, so the link target is event-supplied;
# presumably it is shown to analysts - confirm sources are trusted or the value
# is validated upstream.
[cloudtrail]
title = CloudTrail Default Template
_key = cloudtrail
data_source = cloudtrail
mapping_fields = [ \
    { \
        "name": "src", \
        "display_name": "Source", \
        "type": "source_field", \
        "required": true, \
        "default_value": "cloudtrail", \
        "input_type": "composition", \
        "default_selected_field": "eventSource" \
    }, \
    { \
        "name": "signature", \
        "display_name": "Signature", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "default_cloudtrail_signature", \
        "input_type": "composition", \
        "default_selected_field": "eventName" \
    }, \
    { \
        "name": "vendor_severity", \
        "display_name": "Vendor Severity", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "OK", \
        "input_type": "composition", \
        "default_selected_field": "errorCode" \
    }, \
    { \
        "name": "severity_id", \
        "display_name": "Severity ID", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "1", \
        "input_type": "mapping_rule", \
        "rule_type": "case", \
        "values": [ \
            { \
                "condition": "IF", \
                "clauses": [ \
                    { \
                        "field": "errorCode", \
                        "operator": "!=", \
                        "value": "Success" \
                    } \
                ], \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "6" \
                    } \
                ] \
            }, \
            { \
                "condition": "ELSE", \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "1" \
                    } \
                ] \
            } \
        ] \
    }, \
    { \
        "name": "title", \
        "display_name": "Title", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "default_title", \
        "input_type": "composition", \
        "default_selected_field": "eventID" \
    }, \
    { \
        "name": "owner", \
        "display_name": "Owner", \
        "type": "notable_event_field", \
        "required": true, \
        "input_type": "conf", \
        "default_selected_key": "unassigned", \
        "default_value": "unassigned" \
    }, \
    { \
        "name": "status", \
        "display_name": "Status", \
        "type": "notable_event_field", \
        "required": true, \
        "input_type": "conf", \
        "default_selected_key": "1", \
        "default_value": "1" \
    }, \
    { \
        "name": "subcomponent", \
        "display_name": "Subcomponent", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": true, \
        "values": ["{subcomponent}", ["-"]] \
    }, \
    { \
        "name": "description", \
        "display_name": "Description", \
        "type": "notable_event_field", \
        "required": false, \
        "input_type": "composition", \
        "default_selected_field": "errorMessage" \
    }, \
    { \
        "name": "app", \
        "display_name": "App", \
        "type": "notable_event_field", \
        "required": false, \
        "input_type": "composition", \
        "default_selected_field": "app" \
    }, \
    { \
        "name": "itsiDrilldownSearchName", \
        "display_name": "ITSI Drilldown Search Name", \
        "type": "notable_event_field", \
        "required": false \
    }, \
    { \
        "name": "itsiDrilldownSearch", \
        "display_name": "ITSI Drilldown Search", \
        "type": "notable_event_field", \
        "input_type": "composition", \
        "required": false, \
        "default_selected_field": "itsiDrilldownSearch" \
    }, \
    { \
        "name": "itsiDrilldownEarliestOffset", \
        "display_name": "ITSI Drilldown earliest offset", \
        "type": "notable_event_field", \
        "default_value": "-900", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
    }, \
    { \
        "name": "itsiDrilldownLatestOffset", \
        "display_name": "ITSI Drilldown latest offset", \
        "type": "notable_event_field", \
        "default_value": "900", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownLatestOffset}", ["900"]] \
    }, \
    { \
        "name": "itsiDrilldownWebName", \
        "display_name": "ITSI Drilldown Website Name", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "case", \
        "required": false, \
        "values": [ \
            { \
                "condition": "IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebName", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{itsiDrilldownWebName}" \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebURL", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{title}" \
                ] \
            }, \
            { \
                "condition": "ELSE", \
                "outcomes": [ \
                    "Sorry, no external drilldown available" \
                ] \
            } \
        ] \
    }, \
    { \
        "name": "itsiDrilldownWebURL", \
        "display_name": "ITSI Drilldown Website URL", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
    }, \
    { \
        "name": "itsi_instruction", \
        "display_name": "ITSI Instruction", \
        "type": "notable_event_field", \
        "required": false \
    } \
]
throttling_group_by_fields = ["signature", "src", "subcomponent"]
mapping_field_options = []
status_id_mapping =

# [solarwinds]: default template mapping SolarWinds events onto notable-event fields.
# src, signature and vendor_severity use input_type "regex", each applied to the
# field named in its regex_source (Uri, Message, Message).
# NOTE(review): all three regex values contain "(?" followed directly by the
# pattern body, which is not valid group syntax. The group names, e.g.
# "(?<NAME>...)", look to have been stripped when this page was extracted;
# restore them from the shipped file rather than guessing.
# The vendor_severity pattern starts with a greedy ".*", so the last
# " is <word>" in Message is the one captured.
# severity_id is a case rule on vendor_severity (case-insensitive clauses):
# down and critical give "6", warning gives "3", up gives "2", anything else "1".
# NOTE(review): the description field pairs input_type "composition" with
# "default_selected_key"; the composition fields in the other templates shown
# here use "default_selected_field". Confirm which key the consumer reads.
# NOTE(review): itsiDrilldownWebURL takes its value from the event's own field
# before the https://splunk.com fallback, so the link target is event-supplied;
# confirm sources are trusted or the value is validated upstream.
[solarwinds]
title = Solarwinds Default Template
_key = solarwinds
data_source = solarwinds
mapping_fields = [ \
    { \
        "name": "src", \
        "display_name": "Source", \
        "type": "source_field", \
        "required": true, \
        "default_value": "solarwinds", \
        "input_type": "regex", \
        "regex": ".*\\\/\\\/(?[^\\\/]*)", \
        "regex_source": "Uri" \
    }, \
    { \
        "name": "signature", \
        "display_name": "Signature", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "default_solarwinds_signature", \
        "input_type": "regex", \
        "regex": "Component\\s+(?\"[^\"]+\"|[\\w]+)", \
        "regex_source": "Message" \
    }, \
    { \
        "name": "vendor_severity", \
        "display_name": "Vendor Severity", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "OK", \
        "input_type": "regex", \
        "regex": ".* is (?\\w+)", \
        "regex_source": "Message" \
    }, \
    { \
        "name": "severity_id", \
        "display_name": "Severity ID", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "case", \
        "required": true, \
        "default_value": "1", \
        "values": [ \
            { \
                "condition": "IF", \
                "clauses": [ \
                    { \
                        "field": "vendor_severity", \
                        "operator": "==", \
                        "value": "down", \
                        "case_sensitive": false \
                    } \
                ], \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "6" \
                    } \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "vendor_severity", \
                        "operator": "==", \
                        "value": "up", \
                        "case_sensitive": false \
                    } \
                ], \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "2" \
                    } \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "vendor_severity", \
                        "operator": "==", \
                        "value": "critical", \
                        "case_sensitive": false \
                    } \
                ], \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "6" \
                    } \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "vendor_severity", \
                        "operator": "==", \
                        "value": "warning", \
                        "case_sensitive": false \
                    } \
                ], \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "3" \
                    } \
                ] \
            }, \
            { \
                "condition": "ELSE", \
                "outcomes": [ \
                    { \
                        "type": "conf", \
                        "value": "1" \
                    } \
                ] \
            } \
        ] \
    }, \
    { \
        "name": "title", \
        "display_name": "Title", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "default_title" \
    }, \
    { \
        "name": "owner", \
        "display_name": "Owner", \
        "type": "notable_event_field", \
        "required": true, \
        "input_type": "conf", \
        "default_selected_key": "unassigned", \
        "default_value": "unassigned" \
    }, \
    { \
        "name": "status", \
        "display_name": "Status", \
        "type": "notable_event_field", \
        "required": true, \
        "input_type": "conf", \
        "default_selected_key": "1", \
        "default_value": "1" \
    }, \
    { \
        "name": "subcomponent", \
        "display_name": "Subcomponent", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": true, \
        "values": ["{subcomponent}", ["-"]] \
    }, \
    { \
        "name": "description", \
        "display_name": "Description", \
        "type": "notable_event_field", \
        "required": false, \
        "input_type": "composition", \
        "default_selected_key": "description" \
    }, \
    { \
        "name": "app", \
        "display_name": "App", \
        "type": "notable_event_field", \
        "required": false \
    }, \
    { \
        "name": "itsiDrilldownSearchName", \
        "display_name": "ITSI Drilldown Search Name", \
        "type": "notable_event_field", \
        "required": false \
    }, \
    { \
        "name": "itsiDrilldownSearch", \
        "display_name": "ITSI Drilldown Search", \
        "type": "notable_event_field", \
        "input_type": "composition", \
        "required": false, \
        "default_selected_field": "itsiDrilldownSearch" \
    }, \
    { \
        "name": "itsiDrilldownEarliestOffset", \
        "display_name": "ITSI Drilldown earliest offset", \
        "type": "notable_event_field", \
        "default_value": "-900", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
    }, \
    { \
        "name": "itsiDrilldownLatestOffset", \
        "display_name": "ITSI Drilldown latest offset", \
        "type": "notable_event_field", \
        "default_value": "900", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownLatestOffset}", ["900"]] \
    }, \
    { \
        "name": "itsiDrilldownWebName", \
        "display_name": "ITSI Drilldown Website Name", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "case", \
        "required": false, \
        "values": [ \
            { \
                "condition": "IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebName", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{itsiDrilldownWebName}" \
                ] \
            }, \
            { \
                "condition": "ELSE_IF", \
                "clauses": [ \
                    { \
                        "field": "itsiDrilldownWebURL", \
                        "operator": "is not null" \
                    } \
                ], \
                "outcomes": [ \
                    "{title}" \
                ] \
            }, \
            { \
                "condition": "ELSE", \
                "outcomes": [ \
                    "Sorry, no external drilldown available" \
                ] \
            } \
        ] \
    }, \
    { \
        "name": "itsiDrilldownWebURL", \
        "display_name": "ITSI Drilldown Website URL", \
        "type": "notable_event_field", \
        "input_type": "mapping_rule", \
        "rule_type": "coalesce", \
        "required": false, \
        "values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
    }, \
    { \
        "name": "itsi_instruction", \
        "display_name": "ITSI Instruction", \
        "type": "notable_event_field", \
        "required": false \
    } \
]
throttling_group_by_fields = ["signature", "src", "subcomponent"]
mapping_field_options = []
status_id_mapping =

[thousandeyes]
title = Cisco ThousandEyes Default Template
_key = thousandeyes
data_source = thousandeyes
mapping_fields = [ \
    { \
        "name": "src", \
        "display_name": "Source", \
        "type": "source_field", \
        "required": true, \
        "default_value": "thousandeyes", \
        "input_type": "composition", \
        "default_selected_field": "src" \
    }, \
    { \
        "name": "signature", \
        "display_name": "Signature", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "default_thousandeyes_signature", \
        "input_type": "composition", \
        "default_selected_field": "signature" \
    }, \
    { \
        "name": "vendor_severity", \
        "display_name": "Vendor Severity", \
        "type": "notable_event_field", \
        "required": true, \
        "default_value": "OK", \
        "input_type": "composition", \
        "default_selected_field": "vendor_severity" \
    }, \
    { \
"name": "severity_id", \ "display_name": "Severity ID", \ "type": "notable_event_field", \ "required": true, \ "default_value": "1", \ "input_type": "composition", \ "default_selected_field": "severity_id" \ }, \ { \ "name": "title", \ "display_name": "Title", \ "type": "notable_event_field", \ "required": true, \ "default_value": "default_title", \ "input_type": "composition", \ "default_selected_field": "signature" \ }, \ { \ "name": "owner", \ "display_name": "Owner", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "unassigned", \ "default_value": "unassigned" \ }, \ { \ "name": "status", \ "display_name": "Status", \ "type": "notable_event_field", \ "required": true, \ "input_type": "conf", \ "default_selected_key": "1", \ "default_value": "1" \ }, \ { \ "name": "subcomponent", \ "display_name": "Subcomponent", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": true, \ "values": ["{subcomponent}", ["-"]] \ }, \ { \ "name": "description", \ "display_name": "Description", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "description" \ }, \ { \ "name": "app", \ "display_name": "App", \ "type": "notable_event_field", \ "required": false, \ "input_type": "composition", \ "default_selected_field": "app" \ }, \ { \ "name": "itsiDrilldownSearchName", \ "display_name": "ITSI Drilldown Search Name", \ "type": "notable_event_field", \ "required": false \ }, \ { \ "name": "itsiDrilldownSearch", \ "display_name": "ITSI Drilldown Search", \ "type": "notable_event_field", \ "input_type": "composition", \ "required": false, \ "default_selected_field": "itsiDrilldownSearch" \ }, \ { \ "name": "itsiDrilldownEarliestOffset", \ "display_name": "ITSI Drilldown earliest offset", \ "type": "notable_event_field", \ "default_value": "-900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": 
false, \ "values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \ }, \ { \ "name": "itsiDrilldownLatestOffset", \ "display_name": "ITSI Drilldown latest offset", \ "type": "notable_event_field", \ "default_value": "900", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownLatestOffset}", ["900"]] \ }, \ { \ "name": "itsiDrilldownWebName", \ "display_name": "ITSI Drilldown Website Name", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "case", \ "required": false, \ "values": [ \ { \ "condition": "IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebName", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{itsiDrilldownWebName}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownWebURL", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE_IF", \ "clauses": [ \ { \ "field": "itsiDrilldownURI", \ "operator": "is not null" \ } \ ], \ "outcomes": [ \ "{title}" \ ] \ }, \ { \ "condition": "ELSE", \ "outcomes": [ \ "Sorry, no external drilldown available" \ ] \ } \ ] \ }, \ { \ "name": "itsiDrilldownWebURL", \ "display_name": "ITSI Drilldown Website URL", \ "type": "notable_event_field", \ "input_type": "mapping_rule", \ "rule_type": "coalesce", \ "required": false, \ "values": ["{itsiDrilldownURI}", "{itsiDrilldownWebURL}", ["https://splunk.com"]] \ }, \ { \ "name": "itsi_instruction", \ "display_name": "ITSI Instruction", \ "type": "notable_event_field", \ "required": false \ } \ ] throttling_group_by_fields = ["signature", "src", "subcomponent"] mapping_field_options = [] status_id_mapping =