admingit
/
SH-Deployer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
SH-Deployer/apps/itsi/default/props.conf

59 lines
2.4 KiB
Raw Permalink Blame History

[source::service_health_monitor]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
[source::service_health_score_backfill]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
[source::kpi_backfill]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
[source::*splunkd.log]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
[source::/opt/splunk/var/log/splunk/search_messages.log]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
[source::Indicator*]
FIELDALIAS-kpiid = itsi_kpi_id as kpiid
FIELDALIAS-serviceid = itsi_service_id as serviceid
FIELDALIAS-gs_kpiid = itsi_kpi_id as gs_kpi_id
FIELDALIAS-gs_serviceid = itsi_service_id as gs_service_id
EVAL-alert_color = coalesce(alert_color, color)
EVAL-alert_value = coalesce(alert_value, health_score)
# Handle field extraction for JSON formatted stash events
KV_MODE = auto
Reference in new issue View Git Blame Copy Permalink