SH-Deployer/apps/SA-ITOA/default/itsi_data_integration_templ...


# Default field-mapping template for the "generic" data source.
[generic]
title = Generic Default Template
_key = generic
data_source = generic
# mapping_fields is one JSON array spread over many lines; every line except
# the closing "]" ends in a backslash, so a missing backslash ends the value early.
# severity_id ("case" rule, case-insensitive match on vendor_severity):
#   critical, down -> 6   high -> 5   medium -> 4   low, warning -> 3
#   normal, ok, up -> 2   info -> 1   anything else (ELSE) -> 1
# NOTE(review): a vendor_severity label not listed above lands in ELSE and is
# recorded as 1, the same value as "info". Check the labels a new source emits
# before relying on this template, otherwise its serious events rank lowest.
# NOTE(review): itsiDrilldownWebURL is coalesced from the event's own
# itsiDrilldownWebURL field (fallback https://splunk.com), so the link target
# comes from ingested data. Presumably it is rendered as a clickable drilldown;
# confirm who can write that field and whether scheme and host are validated.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "generic" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_generic_signature" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": true, \
"default_value": "1", \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "critical", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "high", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "5" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "medium", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "4" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "low", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "3" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "normal", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "info", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "warning", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "3" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "ok", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "down", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "up", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
} \
] \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the key used to group events for
# throttling - confirm against the app's spec for this file.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "nagios" data source.
[nagios]
title = Nagios Default Template
_key = nagios
data_source = nagios
# mapping_fields below is a backslash-continued JSON array.
# src: "coalesce" over {src}, {src_host}, {host}, then the literal "nagios".
# Default selected event fields: signature <- eventname,
# vendor_severity <- status_code, description <- body, app <- app.
# severity_id ("case" rule, case-insensitive match on vendor_severity):
#   critical, down -> 6   warning -> 3   ok, up -> 2   ELSE -> 1
# NOTE(review): no clause covers any other state (for example an "unknown"
# check result), so such events are recorded as 1; confirm that is intended.
# NOTE(review): itsiDrilldownWebURL is taken from the event's own field
# (fallback https://splunk.com); treat the link target as ingested data.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"default_value": "nagios", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{src}", "{src_host}", "{host}", ["nagios"]] \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_nagios_signature", \
"input_type": "composition", \
"default_selected_field": "eventname" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "composition", \
"default_selected_field": "status_code" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": true, \
"default_value": "1", \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "critical", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "warning", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "3" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "ok", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "down", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "up", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
} \
] \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "body" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "app" \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the throttling group key - confirm.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "scom" (Microsoft SCOM) data source.
[scom]
title = Microsoft SCOM Default Template
_key = scom
data_source = scom
# mapping_fields below is a backslash-continued JSON array.
# Default selected event fields: src <- host, signature <- name,
# vendor_severity <- vendor_severity, description <- description.
# severity_id ("case" rule, case-insensitive match on vendor_severity):
#   critical -> 6   error -> 5   warning -> 4   informational -> 1   ELSE -> 1
# NOTE(review): "warning" maps to 4 here but to 3 in the [generic] and
# [nagios] stanzas of this file; confirm the difference is deliberate, since
# it changes how the same label ranks across sources.
# NOTE(review): itsiDrilldownWebURL is taken from the event's own field
# (fallback https://splunk.com); treat the link target as ingested data.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "scom", \
"input_type": "composition", \
"default_selected_field": "host" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_scom_signature", \
"input_type": "composition", \
"default_selected_field": "name" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "informational", \
"input_type": "composition", \
"default_selected_field": "vendor_severity" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": true, \
"default_value": "1", \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "critical", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "error", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "5" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "warning", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "4" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "informational", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
} \
] \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "description" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the throttling group key - confirm.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "o11y" data source.
[o11y]
title = O11y Default Template
_key = o11y
data_source = o11y
# mapping_fields below is a backslash-continued JSON array.
# Default selected event fields: src <- src, signature <- signature,
# vendor_severity <- vendor_severity, title <- signature,
# description <- description, app <- app.
# severity_id uses input_type "composition" with default_selected_field
# "severity_id" and default_value "1"; unlike the [generic] stanza there is no
# "case" rule translating vendor_severity.
# NOTE(review): nothing in this stanza constrains the incoming severity_id to
# the 1-6 values used elsewhere in this file; confirm where it is validated.
# NOTE(review): itsiDrilldownWebURL is taken from the event's own field
# (fallback https://splunk.com); treat the link target as ingested data.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "o11y", \
"input_type": "composition", \
"default_selected_field": "src" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_o11y_signature", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "composition", \
"default_selected_field": "vendor_severity" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"required": true, \
"default_value": "1", \
"input_type": "composition", \
"default_selected_field": "severity_id" \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "description" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "app" \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the throttling group key - confirm.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "appdynamics" data source.
[appdynamics]
title = Splunk AppDynamics Default Template
_key = appdynamics
data_source = appdynamics
# mapping_fields below is a backslash-continued JSON array.
# Default selected event fields: src <- src, signature <- signature,
# vendor_severity <- vendor_severity, title <- signature,
# description <- description, app <- app.
# severity_id uses input_type "composition" with default_selected_field
# "severity_id" and default_value "1"; there is no "case" rule here.
# NOTE(review): nothing in this stanza constrains the incoming severity_id to
# the 1-6 values used elsewhere in this file; confirm where it is validated.
# itsiDrilldownWebURL: "coalesce" over {itsiDrilldownURI}, then
# {itsiDrilldownWebURL}, then https://splunk.com. itsiDrilldownWebName has an
# extra ELSE_IF on itsiDrilldownURI that the other stanzas do not have.
# NOTE(review): both URL candidates come from the event itself; treat the
# link target as ingested data and confirm scheme and host are validated.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "appdynamics", \
"input_type": "composition", \
"default_selected_field": "src" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_appdynamics_signature", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "composition", \
"default_selected_field": "vendor_severity" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"required": true, \
"default_value": "1", \
"input_type": "composition", \
"default_selected_field": "severity_id" \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "description" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "app" \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownURI", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownURI}", "{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the throttling group key - confirm.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "cloudtrail" data source.
[cloudtrail]
title = CloudTrail Default Template
_key = cloudtrail
data_source = cloudtrail
# mapping_fields below is a backslash-continued JSON array.
# Default selected event fields: src <- eventSource, signature <- eventName,
# vendor_severity <- errorCode, title <- eventID,
# description <- errorMessage, app <- app.
# severity_id ("case" rule): errorCode != "Success" -> 6, ELSE -> 1.
# This clause carries no "case_sensitive" key, unlike the "==" clauses in the
# other stanzas of this file.
# NOTE(review): severity here reflects only whether the API call failed. A
# successful call is recorded as 1 whatever eventName it carries, so this
# template does not by itself rank sensitive but successful activity; that
# needs separate detection content.
# NOTE(review): confirm how the "!=" clause evaluates when errorCode is absent
# from the event and where the literal "Success" is produced; if absent counts
# as "not equal", every such event is recorded as 6.
# NOTE(review): itsiDrilldownWebURL is taken from the event's own field
# (fallback https://splunk.com); treat the link target as ingested data.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "cloudtrail", \
"input_type": "composition", \
"default_selected_field": "eventSource" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_cloudtrail_signature", \
"input_type": "composition", \
"default_selected_field": "eventName" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "composition", \
"default_selected_field": "errorCode" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"required": true, \
"default_value": "1", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "errorCode", \
"operator": "!=", \
"value": "Success" \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
} \
] \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title", \
"input_type": "composition", \
"default_selected_field": "eventID" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "errorMessage" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "app" \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; all three appear as "name" entries in this
# stanza's mapping_fields. Presumably the throttling group key - confirm.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list in this default template.
mapping_field_options = []
# Present but left empty in this default template.
status_id_mapping =
# Default field-mapping template for the "solarwinds" data source.
[solarwinds]
title = Solarwinds Default Template
_key = solarwinds
data_source = solarwinds
# mapping_fields below is a backslash-continued JSON array.
# src, signature and vendor_severity use input_type "regex"; the named group
# itsi_field_name captures the value from regex_source (Uri for src, Message
# for signature and vendor_severity).
# NOTE(review): vendor_severity is captured by ".* is (\w+)" on the free-text
# Message. The leading ".*" is greedy, so the last " is <word>" in the message
# wins; confirm that no other text in Message can supply that word.
# severity_id ("case" rule, case-insensitive match on vendor_severity):
#   down, critical -> 6   warning -> 3   up -> 2   ELSE -> 1
# NOTE(review): the "description" entry pairs input_type "composition" with
# "default_selected_key", while the other composition entries visible in this
# file use "default_selected_field"; likely a typo - confirm.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "solarwinds", \
"input_type": "regex", \
"regex": ".*\\\/\\\/(?<itsi_field_name>[^\\\/]*)", \
"regex_source": "Uri" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_solarwinds_signature", \
"input_type": "regex", \
"regex": "Component\\s+(?<itsi_field_name>\"[^\"]+\"|[\\w]+)", \
"regex_source": "Message" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "regex", \
"regex": ".* is (?<itsi_field_name>\\w+)", \
"regex_source": "Message" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": true, \
"default_value": "1", \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "down", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "up", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "2" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "critical", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "6" \
} \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "vendor_severity", \
"operator": "==", \
"value": "warning", \
"case_sensitive": false \
} \
], \
"outcomes": [ \
{ \
"type": "conf", \
"value": "3" \
} \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
{ \
"type": "conf", \
"value": "1" \
} \
] \
} \
] \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_key": "description" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
throttling_group_by_fields = ["signature", "src", "subcomponent"]
mapping_field_options = []
status_id_mapping =
[thousandeyes]
# Default field-mapping template for the "thousandeyes" data source.
# NOTE(review): this file sits under the app's default/ directory (SA-ITOA/default);
# site changes normally go in a local/ override so app upgrades do not replace them.
title = Cisco ThousandEyes Default Template
_key = thousandeyes
data_source = thousandeyes
# mapping_fields is one JSON array written across backslash-continued lines, so
# every note on it is kept here, outside the value.
#
# src, signature, vendor_severity, severity_id, title, description and app all use
# input_type "composition" with a default_selected_field naming an event field
# (presumably the value is composed from that field - verify). Note that "title"
# selects the "signature" field, not a field called "title".
#
# NOTE(review): unlike templates that derive severity_id from vendor_severity with
# a case rule, this one selects the event's own severity_id field, with "1" as the
# default_value. No range check or remapping is visible here, so the severity an
# analyst sees is whatever the upstream integration supplies - confirm that source
# is trusted to set it.
#
# itsiDrilldownWebName: the event's own itsiDrilldownWebName if present, else
# {title} when itsiDrilldownWebURL or itsiDrilldownURI is present, else a fixed
# "no drilldown" text.
# itsiDrilldownWebURL: coalesces {itsiDrilldownURI}, then {itsiDrilldownWebURL},
# then https://splunk.com.
# NOTE(review): the drilldown link therefore originates in ingested event data.
# Whether the URL is validated (scheme, host) before it is shown to an analyst is
# not visible in this file - confirm before onboarding sources that can set it.
mapping_fields = [ \
{ \
"name": "src", \
"display_name": "Source", \
"type": "source_field", \
"required": true, \
"default_value": "thousandeyes", \
"input_type": "composition", \
"default_selected_field": "src" \
}, \
{ \
"name": "signature", \
"display_name": "Signature", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_thousandeyes_signature", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "vendor_severity", \
"display_name": "Vendor Severity", \
"type": "notable_event_field", \
"required": true, \
"default_value": "OK", \
"input_type": "composition", \
"default_selected_field": "vendor_severity" \
}, \
{ \
"name": "severity_id", \
"display_name": "Severity ID", \
"type": "notable_event_field", \
"required": true, \
"default_value": "1", \
"input_type": "composition", \
"default_selected_field": "severity_id" \
}, \
{ \
"name": "title", \
"display_name": "Title", \
"type": "notable_event_field", \
"required": true, \
"default_value": "default_title", \
"input_type": "composition", \
"default_selected_field": "signature" \
}, \
{ \
"name": "owner", \
"display_name": "Owner", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "unassigned", \
"default_value": "unassigned" \
}, \
{ \
"name": "status", \
"display_name": "Status", \
"type": "notable_event_field", \
"required": true, \
"input_type": "conf", \
"default_selected_key": "1", \
"default_value": "1" \
}, \
{ \
"name": "subcomponent", \
"display_name": "Subcomponent", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": true, \
"values": ["{subcomponent}", ["-"]] \
}, \
{ \
"name": "description", \
"display_name": "Description", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "description" \
}, \
{ \
"name": "app", \
"display_name": "App", \
"type": "notable_event_field", \
"required": false, \
"input_type": "composition", \
"default_selected_field": "app" \
}, \
{ \
"name": "itsiDrilldownSearchName", \
"display_name": "ITSI Drilldown Search Name", \
"type": "notable_event_field", \
"required": false \
}, \
{ \
"name": "itsiDrilldownSearch", \
"display_name": "ITSI Drilldown Search", \
"type": "notable_event_field", \
"input_type": "composition", \
"required": false, \
"default_selected_field": "itsiDrilldownSearch" \
}, \
{ \
"name": "itsiDrilldownEarliestOffset", \
"display_name": "ITSI Drilldown earliest offset", \
"type": "notable_event_field", \
"default_value": "-900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownEarliestOffset}", ["-900"]] \
}, \
{ \
"name": "itsiDrilldownLatestOffset", \
"display_name": "ITSI Drilldown latest offset", \
"type": "notable_event_field", \
"default_value": "900", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownLatestOffset}", ["900"]] \
}, \
{ \
"name": "itsiDrilldownWebName", \
"display_name": "ITSI Drilldown Website Name", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "case", \
"required": false, \
"values": [ \
{ \
"condition": "IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebName", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{itsiDrilldownWebName}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownWebURL", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE_IF", \
"clauses": [ \
{ \
"field": "itsiDrilldownURI", \
"operator": "is not null" \
} \
], \
"outcomes": [ \
"{title}" \
] \
}, \
{ \
"condition": "ELSE", \
"outcomes": [ \
"Sorry, no external drilldown available" \
] \
} \
] \
}, \
{ \
"name": "itsiDrilldownWebURL", \
"display_name": "ITSI Drilldown Website URL", \
"type": "notable_event_field", \
"input_type": "mapping_rule", \
"rule_type": "coalesce", \
"required": false, \
"values": ["{itsiDrilldownURI}", "{itsiDrilldownWebURL}", ["https://splunk.com"]] \
}, \
{ \
"name": "itsi_instruction", \
"display_name": "ITSI Instruction", \
"type": "notable_event_field", \
"required": false \
} \
]
# JSON list of field names; presumably the fields on which events are grouped for
# throttling - verify against the ITSI docs.
throttling_group_by_fields = ["signature", "src", "subcomponent"]
# Empty JSON list: this template defines no mapping field options.
mapping_field_options = []
# Left empty in this template.
status_id_mapping =