TrackMe SVC usage stack 0, stack_license_svc*.8, null())\n | eval degradation_threshold=stack_license_svc*.9\n | eval degraded=if(stack_license_svc>0 AND utilized_svc>=degradation_threshold,utilized_svc,null())\n | eval elevated=if(stack_license_svc>0 AND utilized_svc>=optimal_threshold AND isnull(degraded),utilized_svc,null())\n | eval utilized_svc=if(isnull(elevated) AND isnull(degraded),utilized_svc,null())\n | eval \"license limit\"=if(stack_license_svc>0,stack_license_svc,null())\n | fields - degradation_threshold stack_license_svc\n | rename optimal_threshold as \"optimal utilization threshold\", utilized_svc as \"utilized SVC\"", "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" } }, "name": "stack_svc" }, "ds_0HJP5tjw": { "type": "ds.search", "options": { "query": "(index=_cmc_summary OR index=summary) source=\"splunk-entitlements\"\n | stats latest(svc_license) as svc_license\n | eval display=if(svc_license>0,tostring(svc_license,\"commas\").\" SVC\", \"N/A\")\n | fields display", "queryParameters": { "earliest": "-24h@h", "latest": "now" } }, "name": "svc_entitlement" }, "ds_vFBi4bSQ": { "type": "ds.search", "options": { "query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n | search search_app=\"trackme\"\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | timechart span=1h sum(utilized_svc) as sum_svc" }, "name": "trackme_usage_per_hour" }, "ds_xSjMkQKs": { "type": "ds.search", "options": { "query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | bucket _time span=1h\n | stats sum(utilized_svc) as svc by _time, search_app\n | eval search_app=if(isnull(search_app) OR search_app=\"\", \"NA\", search_app)\n | eventstats sum(svc) as total_svc by _time\n | eval pct=svc/total_svc*100\n | search search_app=\"trackme\"\n | fields _time search_app pct\n | timechart span=1h first(pct) as pct by search_app\n", "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" } }, "name": "trackme_pct_stack_usage" }, "ds_HvTFWH2P": { "type": "ds.search", "options": { "query": "index=_telemetry (host=*.*splunk*.* NOT host=sh*.*splunk*.*) source=*license_usage_summary.log* TERM(\"type=RolloverSummary\") \n| rex field=_raw \"^(?\\d\\d-\\d\\d-\\d{4}\\s\\d\\d:\\d\\d:\\d\\d.\\d{3}\\s\\+\\d{4})\" \n| eval _time=strptime(timestring,\"%m-%d-%Y %H:%M:%S.%N%z\") \n| eval z=strftime(now(),\"%z\") \n| eval m=substr(z,-2) \n| eval h=substr(z,2,2) \n| eval mzone=if(z != 0, ((h*60)+m)*(z/abs(z)), 0) \n| eval min_to_utc=-1440-mzone \n| eval rel_time=min_to_utc.\"m\" \n| eval _time=relative_time(_time, rel_time) \n| bin _time span=1d \n| eval slave=if(isnull(slave), \"unknown\", slave)\n| stats latest(b) AS b by slave, pool, _time \n| timechart span=1d sum(b) AS \"volume\" fixedrange=true \n| eval GB=round(volume/1024/1024/1024, 2) \n| stats values(*) as * by _time \n| fields - volume \n| stats avg(GB) as avg_GB \n| eval avg_GB=round(avg_GB, 2)" }, "name": "stack_ingest" }, "ds_CMiUQzG8_ds_HvTFWH2P": { "type": "ds.search", "options": { "query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | bucket _time span=1h\n | stats sum(utilized_svc) as svc by _time, search_app\n | eval search_app=if(isnull(search_app) OR search_app=\"\", \"NA\", search_app)\n | eventstats sum(svc) as total_svc by _time\n \n | eval pct=svc/total_svc*100\n | search search_app=\"trackme\"\n \n | fields _time search_app pct\n | stats avg(pct) as avg_pct, perc95(pct) as perc95\n" }, "name": "trackme_pct_single" }, "ds_ra2AYETO": { "type": "ds.chain", "options": { "extend": "ds_CMiUQzG8_ds_HvTFWH2P", "query": "| fields avg_pct" }, "name": "single_pct_avg" }, "ds_w5uhHl8D": { "type": "ds.chain", "options": { "extend": "ds_CMiUQzG8_ds_HvTFWH2P", "query": "| fields perc95" }, "name": "single_pct_perc95" } }, "defaults": { "dataSources": { "ds.search": { "options": { "queryParameters": { "latest": "$global_time.latest$", "earliest": "$global_time.earliest$" } } } } }, "inputs": { "input_global_trp": { "type": "input.timerange", "options": { "token": "global_time", "defaultValue": "-30d@d,@d" }, "title": "Global Time Range" } }, "layout": { "type": "absolute", "options": { "display": "auto-scale", "height": 1200 }, "structure": [ { "item": "viz_wEwqDRvv", "type": "block", "position": { "x": 0, "y": 130, "w": 1200, "h": 310 } }, { "item": "viz_CL7Yd48d", "type": "block", "position": { "x": 240, "y": 10, "w": 270, "h": 120 } }, { "item": "viz_3dm54Wnf", "type": "block", "position": { "x": 0, "y": 480, "w": 1200, "h": 300 } }, { "item": "viz_8NRmlyOE", "type": "block", "position": { "x": 0, "y": 900, "w": 1200, "h": 300 } }, { "item": "viz_us5aI0OR", "type": "block", "position": { "x": 670, "y": 10, "w": 270, "h": 120 } }, { "item": "viz_rN1Rglnc", "type": "block", "position": { "x": 290, "y": 790, "w": 270, "h": 120 } }, { "item": "viz_fGOeP9lm", "type": "block", "position": { "x": 600, "y": 790, "w": 270, "h": 120 } } ], "globalInputs": [ "input_global_trp" ] }, "description": "", "title": "TrackMe SVC usage stack" } ]]>