admingit
/
SH-Deployer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '63dd9ca911'
${ noResults }
SH-Deployer/apps/SA-ITOA/lib/itsi/searches/itsi_metric_search.py

57 lines
3.0 KiB
Raw Blame History

# Copyright (C) 2005-2024 Splunk Inc. All Rights Reserved.
"""
Contains the main methods and base class used for generating a metric search
"""
import ITOA.itoa_common as utils
from ITOA.storage import itoa_storage
#Uses the same logger as ItsiKpiSearches
logger = utils.get_itoa_logger('itsi.object.searches')
class ItsiMetricSearch(utils.ItoaBase):
#Defined out here because of annoying kpi delete construction
search_prefix = 'Indicator - Metric - '
entity_magic = "%ENTITY_FILTER%"
def __init__(self, session_key, kpi):
'''
Initializes the metric search
@param session_key: The splunkd session key
@param kpi: The metric based KPI data
'''
super(ItsiMetricSearch, self).__init__(session_key)
self.kpi = kpi
self.backend = itoa_storage.ITOAStorage().get_backend(session_key)
def generate_search_string(self, search_clauses):
'''
Used for generating search string for metric based KPI
'''
metric = self.kpi.get('metric')
if self.kpi.get('is_entity_breakdown') is True:
base_search = '| mstats {entity_statop}(_value) as alert_value ' \
'WHERE index={metric_index} metric_name="{metric_name}" '.format(metric_index=metric.get('metric_index'),
metric_name=metric.get('metric_name'),
**self.kpi)
base_search += ' by {entity_breakdown_id_fields}'.format(**self.kpi)
if (self.kpi.get("is_service_entity_filter", False) and search_clauses is not None):
if self.kpi.get("entity_id_fields", '') != self.kpi.get("entity_breakdown_id_fields",''):
base_search += ', {entity_id_fields} '.format(**self.kpi)
base_search += ' | search ' + search_clauses['search']
else:
base_search = '| mstats {aggregate_statop}(_value) as alert_value ' \
'WHERE index={metric_index} metric_name="{metric_name}" '.format(metric_index=metric.get('metric_index'),
metric_name=metric.get('metric_name'),
**self.kpi)
if (self.kpi.get("is_service_entity_filter", False) and search_clauses is not None):
base_search = '| mstats prestats=t {aggregate_statop}(_value) ' \
'WHERE index={metric_index} metric_name="{metric_name}" '.format(metric_index=metric.get('metric_index'),
metric_name=metric.get('metric_name'),
**self.kpi)
base_search += ' by {entity_id_fields} '.format(**self.kpi)
base_search += '| search ' + search_clauses['search']
return base_search
Reference in new issue View Git Blame Copy Permalink