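[ace_field_analyzer]
### Comma-separated list of field names.
### NOTE(review): presumably the fields the analyzer skips entirely; confirm against the code that reads this stanza.
black_list_fields = event_id,owner,severity,host,drilldown_search_title,drilldown_search_earliest_offset,drilldown_title,drilldown_uri,search_type,time,entity_key,orig_rid,_raw,_time,splunk_server,_cd,_bkt,mod_time,orig_sid,is_use_event_time,eventtype,tag,splunk_server_group,search_name,rid,linecount,index,event_identifier_fields,source,sourcetype,tag::eventtype,drilldown_search_search,drilldown_search_latest_offset,punct,timeendpos,timestartpos,alerttriggertime,orig_raw,service_ids,serviceid,entity_title
### Comma-separated list of field names.
### NOTE(review): presumably the fields treated as free text; confirm against the code that reads this stanza.
text_field_names = comment,description,summary,review,message
### Ignore fields whose name contains any of the keywords in this list.
### The keyword "time" ignores fields that represent time, such as alert_triggertime, alerttriggertime, lasttimeup, etc.
### NOTE(review): this is a substring match, so any field name that merely contains "time" is ignored as well; confirm that is intended before adding short keywords.
ignore_fields_that_contain = time
### NOTE(review): the "_perc" keys below look like percentages; their valid range and exact meaning are not visible in this file, so confirm against the code that reads them.
threshold_distinct_value_perc = 35
min_distinct_value_perc = 10
max_count_perc = 80
threshold_event_coverage_perc = 10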