SH-Deployer/apps/SA-ITOA/lib/ITOA/event_management/constants.py

# Copyright (C) 2005-2024 Splunk Inc. All Rights Reserved.

EXPORT_CSV_MAX_BATCH_SIZE = 5000
EXPORT_CSV_MAX_WORKERS = 10
EXPORT_CSV_MAX_RESULT_COUNT = 50000

# Event Onboarding (EA Data Integration) constants
EA_DATA_INTEGRATION_METHOD_TYPES = ['INDEXED_DATA']
EA_DATA_INTEGRATION_INPUT_TYPE = ['regex', 'composition']
EA_DATA_INTEGRATION_VALID_STATUS = ['active', 'inactive']
# Title prefix for correlation search created for data integration connection
EA_DATA_INTEGRATION_CS_TITLE_PREFIX = 'DATA_INTEGRATION_CS-'
EA_DATA_INT_DEDUP_SEARCH_FOR_RAW_ALERT = ('| eval groupingid=coalesce(groupingid, internal_groupingid) '
                                          '| eval event_identifier_string=groupingid '
                                          '| dedup event_identifier_string sortby -_time -severity_id')
EA_DATA_INT_DEDUP_SEARCH_FOR_NOTABLE_EVENT = ('| join type=left event_identifier_string vendor_severity '
                                              '[| tstats latest(_time) as _time latest(event_identifier_fields) '
                                              'as event_identifier_fields max(severity_id) as severity_id where '
                                              '`itsi_event_management_index` earliest=-59m latest=now by '
                                              'event_identifier_string, vendor_severity '
                                              '| dedup event_identifier_string sortby -_time -severity_id '
                                              '| table _time, event_identifier_string, event_identifier_fields, '
                                              'vendor_severity] | where isnull(event_identifier_fields)')