Splunk searches relating to ITSI

clear
Splunk Search for List of all ITSI KPI Thresholds by Service Copy
| rest report_as=text splunk_server=local /servicesNS/nobody/SA-ITOA/itoa_interface/service | spath input=value output=services path={} | fields services | mvexpand services | spath input=services output=title path=title | spath input=services output=key path=_key | spath input=services output=kpis path=kpis{} | fields key title kpis | mvexpand kpis | spath input=kpis output=type path=type | search type!=service_health | spath input=kpis output=aggregate_thresholds path=aggregate_thresholds | mvexpand aggregate_thresholds | spath input=kpis output=kpi_title path=title | spath input=kpis output=kpi_key path=_key | spath input=kpis output=kpi_unit path=unit | fields key title kpi_key kpi_title kpi_unit *thresholds | spath input=aggregate_thresholds output=aggregate_baseSeverityValue path=baseSeverityValue | spath input=entity_thresholds output=entity_baseSeverityValue path=baseSeverityValue | spath input=aggregate_thresholds output=aggregate_thresholds path=thresholdLevels{} | mvexpand aggregate_thresholds | spath input=aggregate_thresholds output=aggregate_thresholdValue path=thresholdValue | spath input=aggregate_thresholds output=aggregate_severityLabel path=severityLabel | fields title kpi_title kpi_unit aggregate* | fields - aggregate_thresholds entity_thresholds | eval aggregate_severityLabel=if(isNull(aggregate_severityLabel),"Informational",aggregate_severityLabel), aggregate_thresholdValue=aggregate_thresholdValue." ".kpi_unit | dedup title kpi_title aggregate_thresholdValue | stats list(aggregate_thresholdValue) as "Threshold Level", list(aggregate_severityLabel) as "Threshold Severity" by title kpi_title
1 comment
Splunk Search for ITSI Entities Associated With Each Service Copy
| inputlookup service_kpi_lookup | fields _key title | rename _key as key | lookup itsi_entities services._key as key OUTPUT _itsi_identifier_lookups as identifiers
0 comments
Splunk Search for ITSI Services Without Dependencies Copy
| inputlookup service_telemetry_lookup | fields title services_depends_on.serviceid | rename services_depends_on.serviceid as dependencies | eval dependencies=mvjoin(dependencies,",") | where isnull(dependencies)
0 comments
Splunk Search for ITSI Services Not Reporting Data Copy
| inputlookup service_kpi_lookup | fields _key title | rename _key as itsi_service_id | search [ search earliest=-7d latest=now index=itsi_summary itsi_kpi_id!=SHKPI* | stats values(alert_value) as alert_value by itsi_service_id | eval alert_value=mvjoin(alert_value,",") | search alert_value=N/A | fields itsi_service_id ]
0 comments
Splunk Search for Listing all ITSI KPIs Copy
| rest splunk_server=local /servicesNS/nobody/SA-ITOA/itoa_interface/service fields="title,_key,kpis"  | spath input=value path={} output=svcs | mvexpand svcs  | fields - value  | spath input=svcs path=kpis{} output=kpis  | spath input=svcs path=title output=service_title  | spath input=svcs path=kpis{} output=kpi | fields - svcs, kpis  | mvexpand kpi  | spath input=kpi path=search_type output=search_type  | spath input=kpi path=type output=type  | spath input=kpi path=title output=kpi_title  | spath input=kpi path=base_search output=base_search  | spath input=kpi path=base_search_id output=base_search_id  | spath input=kpi path=_key output=search_id  | search type!=service_health  | fields service_title kpi_title search_type base_search_id search_id base_search 
0 comments