admingit
/
SH-Deployer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '63dd9ca911'
${ noResults }
SH-Deployer/apps/itsi/README/deep_dive_drilldowns.conf.e...

74 lines
2.4 KiB
Raw Blame History

# This is an example deep_dive_drilldowns.conf. Use this file to
# configure custom drilldowns.
#
# To use one or more of these configurations, copy the configuration block
# into deep_dive_drilldowns.conf in $SPLUNK_HOME/etc/apps/itsi/local.
# You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
#
# This example alert includes showing raw events at selected time buckets,
# showing raw events from a displayed time range, showing KPI events for
# a host, and showing all events for a host.
[Show raw events at selected time bucket]
type = uri
kpi_lane_enabled = true
entity_level_only = false
uri = /app/itsi/search?q=search $kpi.base_search$&earliest=$bucket_earliest$&latest=$bucket_latest$&display.page.search.mode=smart&dispatch.sample_ratio=1
replace_tokens = false
[Show raw events from displayed time range]
type = uri
kpi_lane_enabled = true
entity_level_only = false
uri = /app/itsi/search?q=search $kpi.base_search$&earliest=$earliest$&latest=$latest$&display.page.search.mode=smart&dispatch.sample_ratio=1
replace_tokens = false
[Show kpi events for this host]
type = uri
kpi_lane_enabled = true
entity_level_only = true
replace_tokens = true
entity_tokens = host
uri = /app/itsi/search?q=search $kpi.base_search$ AND host=$entity.host$&earliest=$earliest$&latest=$latest$&display.page.search.mode=smart&dispatch.sample_ratio=1
entity_activation_rules = [ \
{ \
"rule_condition": "AND", \
"rule_items": [ \
{ \
"field": "host", \
"field_type": "alias", \
"rule_type": "not", \
"value": "" \
} \
] \
} \
]
[Show ALL events for this host]
type = uri
kpi_lane_enabled = true
entity_level_only = true
replace_tokens = true
entity_tokens = host
uri = /app/itsi/search?q=search index=* host=$entity.host$&earliest=$earliest$&latest=$latest$&display.page.search.mode=smart&dispatch.sample_ratio=1
entity_activation_rules = [ \
{ \
"rule_condition": "AND", \
"rule_items": [ \
{ \
"field": "host", \
"field_type": "alias", \
"rule_type": "not", \
"value": "" \
} \
] \
} \
]
Reference in new issue View Git Blame Copy Permalink