You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
68 lines
3.6 KiB
68 lines
3.6 KiB
[Splunk_ML_Toolkit - ML-SPL - Telemetry Gen]
|
|
action.email.sendresults = 0
|
|
action.outputtelemetry = 1
|
|
action.outputtelemetry.param.anonymous = 1
|
|
action.outputtelemetry.param.support = 0
|
|
action.outputtelemetry.param.license = 0
|
|
action.outputtelemetry.param.optinrequired = 3
|
|
action.outputtelemetry.param.component = app.Splunk_ML_Toolkit.mlspl
|
|
action.outputtelemetry.param.input = data
|
|
action.outputtelemetry.param.type = aggregate
|
|
alert.track = false
|
|
counttype = number of events
|
|
relation = greater than
|
|
quantity = 0
|
|
cron_schedule = 33 3 * * *
|
|
description = Sends anonymous ML operational data
|
|
disabled = False
|
|
dispatch.earliest_time = -1d@d
|
|
dispatch.latest_time = @d
|
|
enableSched = 1
|
|
is_visible = false
|
|
schedule_window = auto
|
|
search = index="_internal" source="*mlspl.log*" \
|
|
| rex field=_raw "PID (?<PID>\d+)" \
|
|
| stats values(*) as *, max(columns) as maxColumns, sum(rows) as numRows by PID \
|
|
| where isnotnull(command) and (isnotnull(algo_name) or isnotnull(scoringName) or isnotnull(provider)) \
|
|
| sort _time \
|
|
| stats values(*) as *, max(columns) as maxColumns, sum(rows) as numRows by PID, UUID \
|
|
| fields PID UUID algo_name app_context apply_time command csv_parse_time csv_read_time csv_render_time \
|
|
example_name experiment_id fit_time handle_time maxColumns modelId num_fields num_fields_PC num_fields_RS num_fields_SS \
|
|
num_fields_fs num_fields_prefixed num_fields_tfidf numRows params partialFit pipeline_stage scoringName scoringTimeSec \
|
|
onnx_model_validate_and_upload_time onnx_model_size_on_disk_mb col_dimension onnx_input_shape dataframe_shape metrics_type model_upload \
|
|
ai_processing_time provider model rows rows_processed_time \
|
|
| head 1000 \
|
|
| makejson output=data \
|
|
| table data
|
|
|
|
[Splunk_ML_Toolkit - ML-SPL - Sourcetype Inference]
|
|
action.email.sendresults = 0
|
|
action.outputtelemetry = 1
|
|
action.outputtelemetry.param.anonymous = 1
|
|
action.outputtelemetry.param.support = 0
|
|
action.outputtelemetry.param.license = 0
|
|
action.outputtelemetry.param.optinrequired = 3
|
|
action.outputtelemetry.param.component = app.Splunk_ML_Toolkit.sourcetype
|
|
action.outputtelemetry.param.input = data
|
|
action.outputtelemetry.param.type = aggregate
|
|
alert.track = false
|
|
counttype = number of events
|
|
relation = greater than
|
|
quantity = 0
|
|
cron_schedule = 33 3 * * *
|
|
description = Sends information required for sourcetype infererence
|
|
disabled = False
|
|
dispatch.earliest_time = -1d@d
|
|
dispatch.latest_time = @d
|
|
enableSched = 1
|
|
is_visible = false
|
|
schedule_window = auto
|
|
search = index="_internal" source="*mlspl.log*" \
|
|
| rex field=_raw "Sourcetype inference: Punct (?<full_punct>[^ ]+) has sourcetype (?<orig_sourcetype>.*)" \
|
|
| search full_punct=* AND orig_sourcetype=* \
|
|
| stats count by orig_sourcetype, full_punct \
|
|
| sample 1000 \
|
|
| makejson output=data \
|
|
| table data
|
|
|