admingit
/
Splunk_deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf0075621d'
${ noResults }
Splunk_deploy/deployment-apps/CEIP-RESEAU/local/data/ui/views/temps_ack.xml

47 lines
2.2 KiB
Raw Blame History

<form version="1.1">
<label>Temps ack</label>
<fieldset submitButton="false">
<input type="time" token="field1">
<label></label>
<default>
<earliest>-30d@d</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>index="idx_tic_spectrum" (Creation_Date=* OR Acknowledged="true")
| transaction id keepevicted=true keeporphans=true
| search Severity!=Normal Severity!=Maintenance
| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner
| search Owner="CEIP Reseau"
| eval ack_time_str = mvindex(Date,0)
| rex field=ack_time_str " (?&lt;ack_hour&gt;[0-9]{2}):[0-9]{2}:[0-9]{2}"
| rex field=Creation_Date " (?&lt;begin_hour&gt;[0-9]{2}):[0-9]{2}:[0-9]{2}"
| where begin_hour &gt;= 8 and begin_hour &lt;17
| eval ack_time = strptime(ack_time_str,"%Y-%m-%d %H:%M:%S")
| eval begin_day=if(begin_hour&gt;=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))
| eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))
| where begin_week_day !=0 and begin_week_day!=6
| eval begin_week = floor((begin_day-3)/7)
| eval ack_day=if(ack_hour&gt;=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))
| eval ack_week_day = strftime(ack_day*86400,"%w") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day))
| eval ack_week = floor((ack_day-3)/7)
| eval begin_date = if(begin_hour&gt;=17 OR begin_hour&lt;8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)
| eval ack_date = if(ack_hour&gt;=17 OR ack_hour&lt;8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)
| eval diffday = ack_day-begin_day
| eval diffweek = ack_week-begin_week
| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))
| search ack_duration!=0
| table Severity Alarm_Title _time ack_time_str ack_duration | eval ack_duration = tostring(ack_duration,"duration")</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
Reference in new issue View Git Blame Copy Permalink