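# Field-selection settings: which alert fields are dropped, and which feed
# the AI field extraction.

# Whether we should add AI fields to the alerts.
addAiFields: true

# Maximum number of fields to return from FieldSelector.
maxFields: 10

# List of field names =>
# We will drop any fields with these names regardless of their values.
# NOTE(review): whether the name comparison is case-sensitive is not visible
# from this file; confirm against the FieldSelector implementation.
namesToDrop:
  - groupingid
  - entity_key
  - search_name
  - search_type
  - owner
  - event_identifier_fields
  - itsi_instruction
  - is_use_event_time
  - event_id
  - mod_time
  - log_level
  - rid
  - _time
  - cpu_time
  - latency
  - ts

# List of prefixes =>
# We will drop any fields whose names begin with these prefixes.
prefixesToDrop:
  - drilldown
  - itsiDrilldown
  - event_identifier_
  - orig_

# List of search terms =>
# We will drop any fields whose names contain these search terms.
# NOTE(review): a "contains" match is broad. Any field whose name includes
# one of these terms is dropped (constructed example: http_status), so
# confirm that no field needed for triage is lost this way.
searchTermsToDrop:
  - severity
  - status

# List of search terms for AI fields =>
# We will use any fields whose names contain these search terms as input to
# our AI field extraction logic.
# NOTE(review): these are presumably free-text fields populated by upstream
# event sources; treat their values as untrusted input to the extraction
# step and confirm its output is validated before it is added to alerts.
searchTermsForAiFields:
  - title
  - summary
  - description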