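# macros.conf - Splunk search macros for deployment-server and forwarder inventory.
# Splunk .conf syntax: '#' comments on their own line only; a trailing '\' continues
# a value onto the next line (no comment lines inside a continued value).
# Macro arguments ($name$) are substituted verbatim into the SPL before the search
# is parsed, so a caller-supplied value can change the query; where an argument is
# fed from a dashboard token, constrain it with the macros.conf 'validation' /
# 'errormsg' settings on that macro.

# deployment_server_detail(deployment_server, hostname)
# Generating macro (definition begins with 'rest'), so it must be invoked at the
# start of a search: | `deployment_server_detail(<ds>, <host>)`.
# Lists the deployment clients of one deployment server, uppercases the client
# hostname, splits utsname at its first '-' into os / arch, and keeps only the
# client matching $hostname$.
[deployment_server_detail(2)]
args = deployment_server, hostname
definition = rest /services/deployment/server/clients splunk_server=$deployment_server$ \
    | rename splunk_server as deployment_server \
    | eval sourceHost = if( isnull(sourceDomain), hostname, sourceHost ) \
    | eval sourceHost = upper(sourceHost) \
    | rex field=utsname "(?<os>[^\-]+)\-(?<arch>.+)" \
    | eval os = case( os = "linux", "Linux", os = "windows", "Windows" ) \
    | fields - utsname hostname \
    | rename sourceHost as hostname \
    | search hostname=$hostname$
iseval = 0

# forwarder_assets
# One row per forwarder: splunkd tcpin_connections data (filtered through
# `exclude_hosts`) appended with Stream forwarder stats (sourcetype=stream:stats),
# with the hostname uppercased at the end. The Stream branch derives a status of
# inactive / error / warning / idle / active from the sender and sniffer fields.
# NOTE(review): in the Stream branch, phoneHome is set to time()-_time and later to
# time()-phoneHome, which cancels back to roughly _time (plus the wall-clock delta
# between the two time() calls); confirm that is what last_connected should carry.
# NOTE(review): relative_time(latestTime,"-10M") / "-2M" - confirm the 'M' unit
# resolves to the intended window (Splunk documents 'm' for minutes, 'mon' for months).
[forwarder_assets]
definition = index=_internal sourcetype=splunkd group=tcpin_connections (connectionType=cooked OR connectionType=cookedSSL) fwdType=* guid=* `exclude_hosts` \
    | eval dest_uri = host.":".destPort \
    | stats values(fwdType) as forwarder_type, latest(version) as version, values(arch) as arch, dc(dest_uri) as dest_count, values(os) as os, max(_time) as last_connected, sum(kb) as new_sum_kb, sparkline(avg(tcp_KBps), 1m) as new_avg_tcp_kbps_sparkline, avg(tcp_KBps) as new_avg_tcp_kbps, avg(tcp_eps) as new_avg_tcp_eps by guid, hostname \
    | append \
    [search index=_internal sourcetype=stream:stats host=* senders{}.streamForwarderGroups{}=* \
    | rename senders{}.streamForwarderId as streamfwdId \
    | rename senders{}.id as guid \
    | eventstats sum(senders{}.streams{}.delta_events) as events by streamfwdId \
    | eventstats range(_time) as timeRange \
    | eval arch = systemType \
    | eval os = osName \
    | eval phoneHome=time()-_time \
    | eval eventsPerSecond=round(events/(timeRange),2) \
    | rename sniffer.captures{}.bitsPerSecond as bps \
    | eventstats sum(bps) as bitsPerSecond by _time \
    | eventstats sum(bps) as sumBitsPerSecond by streamfwdId \
    | eventstats count as numStreamStats by streamfwdId \
    | eval avgKBsPerSecond=round(sumBitsPerSecond/numStreamStats/8000,2) \
    | eval sum_kb=round(sumBitsPerSecond/8000,2) \
    | rename senders{}.lastErrorCode as senderErrorCode sniffer.lastErrorCode as snifferErrorCode senders{}.running as sendersRunning sniffer.running as snifferRunning netflow.running as netflowRunning \
    | eval latestTime=if(isnum(rt),rt,now()) \
    | eval errorStatus=if((senderErrorCode==0) AND (snifferErrorCode==0),0,1) \
    | eval warningStatus=if((sendersRunning=="true") AND (snifferRunning=="true"),0,1) \
    | eval inactiveStatus=if(_time > relative_time(latestTime,"-10M"),0,1) \
    | eval idleStatus=if(_time > relative_time(latestTime,"-2M"),0,1) \
    | eval forwarder_type="stream" \
    | eval phoneHome=time()-phoneHome \
    | eval status=case(inactiveStatus==1, "inactive", errorStatus==1, "error", warningStatus==1, "warning", idleStatus==1, "idle", errorStatus==0 AND warningStatus==0, "active") \
    | chart latest(host) as "hostname" latest(guid) as "guid" latest(forwarder_type) as "forwarder_type" latest(versionNumber) as "version" latest(arch) as "arch" latest(os) as "os" latest(phoneHome) as "last_connected" dc(splunk_server) as dest_count latest(status) as "status" latest(sum_kb) as "new_sum_kb" sparkline(avg(bitsPerSecond/8000),1m) as "new_avg_tcp_kbps_sparkline" latest(avgKBsPerSecond) as "new_avg_tcp_kbps" latest(eventsPerSecond) as "new_avg_tcp_eps" by host \
    | fields - host] \
    | eval hostname = upper(hostname)
iseval = 0

# deployment_server_assets(deployment_server)
# Inventory table of all deployment clients of one deployment server; same
# hostname / utsname normalization as deployment_server_detail.
# Unlike deployment_server_detail, the definition carries its own leading '|',
# so invoke it as `deployment_server_assets(<ds>)` without a preceding pipe.
# NOTE(review): the 'fields' command keeps neither sourceDomain nor sourceHost, so
# the following isnull(sourceDomain) test is always true and sourceHost is always
# hostname; 'version' is also not retained by 'fields' yet is listed in 'table'.
# Confirm whether those fields should be added to the 'fields' list.
[deployment_server_assets(1)]
args = deployment_server
definition = | rest /services/deployment/server/clients splunk_server=$deployment_server$ \
    | rename splunk_server as deployment_server \
    | fields averagePhoneHomeInterval build clientName hostname lastPhoneHomeTime updated utsname deployment_server \
    | eval sourceHost = if( isnull(sourceDomain), hostname, sourceHost ) \
    | eval sourceHost = upper(sourceHost) \
    | rex field=utsname "(?<os>[^\-]+)\-(?<arch>.+)" \
    | eval os = case( os = "linux", "Linux", os = "windows", "Windows" ) \
    | fields - utsname hostname \
    | rename sourceHost as hostname \
    | table hostname os arch version build clientName averagePhoneHomeInterval lastPhoneHomeTime deployment_server
iseval = 0

# deployment_server_applications(deployment_server)
# Generating macro: the applications served by one deployment server.
# Invoke as | `deployment_server_applications(<ds>)`.
[deployment_server_applications(1)]
args = deployment_server
definition = rest /services/deployment/server/applications splunk_server=$deployment_server$
iseval = 0

# deployment_server_serverclasses(deployment_server)
# Generating macro: the server classes defined on one deployment server.
# Invoke as | `deployment_server_serverclasses(<ds>)`.
[deployment_server_serverclasses(1)]
args = deployment_server
definition = rest /services/deployment/server/serverclasses splunk_server=$deployment_server$
iseval = 0

# exclude_hosts
# Search filter that drops named hosts from forwarder_assets. The two values are
# placeholders; replace them with the hosts that should be excluded.
[exclude_hosts]
definition = (hostname!="example-host1" hostname!="example-host2")
iseval = 0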