admingit
/
Splunk_deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf0075621d'
${ noResults }
Splunk_deploy/deployment-apps/licensequotausage/default/savedsearches.conf

250 lines
12 KiB
Raw Blame History

[Daily License Quota Usage By Range - Last 30 Days]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
display.general.timeRangePicker.show = 0
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=-29d@d latest=now | rename _time as Date | eval Date=strftime(Date, "%m-%d-%y") | stats sum(b) as ub by Date | eval ub=round(ub/1024/1024/1024) | rangemap field=ub low=0-1001 elevated=1001-2000 severe=2001-3000 default="Over License Quota" | fields Date range ub | rename range as Range ub as "Daily License Quota Used - GB's" | sort -Date
[Daily License Quota Usage By Range - Last 7 Days]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
alert.track = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = -24h@h
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=-6d@d latest=now | rename _time as Date | eval Date=strftime(Date, "%m-%d-%y") | stats sum(b) as ub by Date | eval ub=round(ub/1024/1024/1024) | rangemap field=ub low=0-1001 elevated=1001-2000 severe=2001-3000 default="Over License Quota" | fields Date range ub | rename range as Range ub as "Daily License Quota Used - GB's" | sort -Date
[High Daily License Quota Usage - Over 1 TB]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=@d latest=now() | stats sum(b) as bu | eval tbu=round(bu/1024/1024/1024/1024,3) | rename bu as "Bytes Used" tbu as "TB's Used" | search "TB's Used">1
[High Daily License Quota Usage - Over 100 GB's]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=@d latest=now() | stats sum(b) as bu | eval gbu=round(bu/1024/1024/1024,3) | rename bu as "Bytes Used" gbu as "GB's Used" | search "GB's Used">100
[High Daily License Quota Usage - Over 250 GB's]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=@d latest=now() | stats sum(b) as bu | eval gbu=round(bu/1024/1024/1024,3) | rename bu as "Bytes Used" gbu as "GB's Used" | search "GB's Used">250
[High Daily License Quota Usage - Over 500 GB's]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=@d latest=now() | stats sum(b) as bu | eval gbu=round(bu/1024/1024/1024,3) | rename bu as "Bytes Used" gbu as "GB's Used" | search "GB's Used">500
[High Daily License Quota Usage - Over 750 GB's]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = radialGauge
display.visualizations.custom.type = location_tracker_app.location_tracker
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* earliest=@d latest=now() | stats sum(b) as bu | eval gbu=round(bu/1024/1024/1024,3) | rename bu as "Bytes Used" gbu as "GB's Used" | search "GB's Used">750
[Today's Client Usage]
dispatch.latest_time = now
dispatch.earliest_time = @d
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by h | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=h label="TOTAL BYTES:" | rename h as Client | fields Client "Bytes" | sort 0 - Bytes | eval Bytes=tostring(Bytes,"commas")
dispatchAs = user
display.general.timeRangePicker.show = 0
display.visualizations.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
request.ui_dispatch_view = search
display.visualizations.custom.type = timeline_app.timeline
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
auto_summarize.dispatch.earliest_time = -1d@h
display.page.search.tab = statistics
display.general.type = statistics
[Today's Client Usage By Pool]
dispatch.latest_time = now
dispatch.earliest_time = @d
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by pool h | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=h label="TOTAL BYTES:" | rename h as Client pool as Pool | fields Pool Client "Bytes" | sort 0 - Bytes Pool | eval Bytes=tostring(Bytes,"commas")
dispatchAs = user
display.general.timeRangePicker.show = 0
display.visualizations.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
request.ui_dispatch_view = search
display.visualizations.custom.type = timeline_app.timeline
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
auto_summarize.dispatch.earliest_time = -1d@h
display.page.search.tab = statistics
display.general.type = statistics
[Today's Index Usage]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by idx | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=idx label="TOTAL BYTES:" | rename idx as Index | fields Index "Bytes" | sort 0 - Bytes | eval Bytes=tostring(Bytes,"commas")
[Today's Index Usage By Pool]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by pool idx | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=idx label="TOTAL BYTES:" | rename idx as Index pool as Pool | fields Pool Index "Bytes" | sort 0 - Bytes Pool | eval Bytes=tostring(Bytes,"commas")
[Today's SourceType Usage]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by st idx | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=st label="TOTAL BYTES:" | rename st as SourceType idx as Index | fields SourceType Index "Bytes" | sort 0 - Bytes | eval Bytes=tostring(Bytes,"commas")
[Today's SourceType Usage By Pool]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by pool st idx | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=st label="TOTAL BYTES:" | rename pool as Pool st as SourceType idx as Index | fields Pool SourceType Index "Bytes" | sort 0 - Bytes Pool | eval Bytes=tostring(Bytes,"commas")
[Today's Usage By Index, SourceType & Client]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by idx st h | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=idx label="TOTAL BYTES:" | rename idx as Index st as SourceType h as Client | fields Index SourceType Client "Bytes" | sort 0 - Bytes | eval Bytes=tostring(Bytes,"commas")
[Today's Usage By Index, SourceType & Client By Pool]
dispatch.latest_time = now
display.visualizations.show = 0
display.general.type = statistics
dispatchAs = user
display.general.timeRangePicker.show = 0
action.email.useNSSubject = 1
alert.track = 0
display.visualizations.charting.chart = bar
display.visualizations.custom.type = timeline_app.timeline
dispatch.earliest_time = @d
request.ui_dispatch_app = licensequotausage
display.page.search.mode = fast
request.ui_dispatch_view = search
display.page.search.tab = statistics
search = index=_internal source=*license_usage.log type=Usage pool=* | stats sum(b) as b by pool idx st h | eval "Bytes"=round(b) | addcoltotals Bytes labelfield=idx label="TOTAL BYTES:" | rename idx as Index st as SourceType h as Client pool as Pool | fields Pool Index SourceType Client "Bytes" | sort 0 - Bytes Pool | eval Bytes=tostring(Bytes,"commas")
Reference in new issue View Git Blame Copy Permalink