# Scheduled saved search: once a day it counts the distinct "itsi_ai_telemetry:"
# messages found in the _internal index for the previous calendar day and passes
# the result, serialised as JSON in the field `data`, to the outputtelemetry
# alert action.
#
# NOTE(review): nothing in this stanza filters or scrubs the payload. The rex in
# the search captures everything after "itsi_ai_telemetry: " verbatim, so the
# telemetry is only as anonymous as the code that writes those log lines.
# Confirm that the emitter never logs host names, user names or other
# identifying values.
[AI team Event iQ telemetry]
|
|
# Email delivery of results is switched off; outputtelemetry is the only action enabled here.
action.email.sendresults = 0
|
|
action.outputtelemetry = 1
|
|
# Category flags: only `anonymous` is set; `support` and `license` are off.
# presumably these select the telemetry category the user opted in to -- confirm
# against the outputtelemetry action's spec.
action.outputtelemetry.param.anonymous = 1
|
|
action.outputtelemetry.param.support = 0
|
|
action.outputtelemetry.param.license = 0
|
|
# NOTE(review): looks like the opt-in version required before data is sent -- confirm.
action.outputtelemetry.param.optinrequired = 3
|
|
# Component name attached to the telemetry payload.
action.outputtelemetry.param.component = app.SA-ITSI-AlertCorrelation
|
|
# Name of the result field holding the payload; matches `tojson output_field=data` in the search.
action.outputtelemetry.param.input = data
|
|
action.outputtelemetry.param.type = aggregate
|
|
alert.track = false
|
|
# Trigger condition: fire the action whenever the search returns more than 0 events.
counttype = number of events
|
|
relation = greater than
|
|
quantity = 0
|
|
# Runs daily at 03:33.
cron_schedule = 33 3 * * *
|
|
description = Sends anonymous telemetry for the AI teams aspect of Event iQ in ITSI
|
|
disabled = False
|
|
# Search window: from the start of yesterday (-1d@d) to the start of today (@d).
dispatch.earliest_time = -1d@d
|
|
dispatch.latest_time = @d
|
|
enableSched = 1
|
|
# NOTE(review): is_visible = false presumably keeps this search out of the app's
# saved-search listing, so an admin auditing outbound telemetry has to review
# the .conf itself -- confirm.
is_visible = false
|
|
schedule_window = auto
|
|
# Pipeline: select _internal events whose source contains "rules" and that carry
# the itsi_ai_telemetry marker, extract the text after the marker into `message`,
# count events per distinct message, then emit each message/count row as JSON in `data`.
# NOTE(review): `source=*rules*` matches any source containing "rules", and
# `(?<message>.*)` takes the rest of the raw event unfiltered. If the log source
# is known, pinning it and extracting only the expected fields would limit what
# can leave the deployment.
search = index="_internal" source=*rules* itsi_ai_telemetry \
|
|
| rex field=_raw "itsi_ai_telemetry: (?<message>.*)" \
|
|
| stats count by message \
|
|
| table message, count \
|
|
| tojson output_field=data \
|
|
| table data |