Reporting

Reply

List of index, sourcetype & fields

[ Edited ]
NJeanselme
Adviser
Posts: 82

‎01-31-2017 03:12 AM - edited ‎01-31-2017 06:37 AM

8963     13

When you want to build custom searches, a question that is quickly raised is: what are the indexes, sourcetype & fields I can use.

Here is how to generate the map of your reporting data for NIOS 7.3 and newer. For your convenience, results from our test NIOS 8.0 environment are attached in csv format.

 

1) Indexes & sourcetypes:

| eventcount summarize=false index=* | dedup index | fields index 

 | map maxsearches=100 search="|metadata type=sourcetypes index=\"$index$\" | eval index=\"$index$\""

 | fields index sourcetype

indexes-sourcetypes

 

2) indexes, sourcetypes & fields:

| tstats count WHERE index=* GROUPBY index, sourcetype

 | fields - count

 | rename index AS indexname, sourcetype AS sourcetypename

 | map maxsearches=30 search="| search index=\"$indexname$\" sourcetype=\"$sourcetypename$\" | head 1000 | fieldsummary | eval index=\"$indexname$\", sourcetype=\"$sourcetypename$\" | fields index, sourcetype, field"

 

indexes-sourcetypes-fields

 

3) all values for a given field

Let us look for all the ACTION field values. If we filter on field "ACTION" it the previous file:

 

ACTION field

 

It exists in multiple indexes, so you should review to the index you are looking for:

index=ib_audit | stats values(ACTION)

 

ACTION values

Check out our new Tech docs website at http://docs.infobox.com for latest documentation on Infoblox products.
Reply

Re: List of index, sourcetype & fields
jslocum2017
Member
Posts: 2

‎02-10-2017 09:00 AM

8964     13

Thank you! This is great information. What about the size of the Grid Replication Queue? This does not appear in your list anywhere, at least I could not find it. We really need to be able to report on this, as we've been having problems with grid replication getting overloaded by DDNS updates and we need to be able to keep tabs on it. It is possible to monitor this today with SNMP (Infoblox Platform One MIB / ibClusterReplicationStatusTable/ibNodeQueueFromMaster & ibNodeQueueToMaster or .1.3.6.1.4.1.7779.3.1.1.2.1.2.1.5)

 

How can we go about getting this added to the reporter indexes?

 

Thanks for all your help!

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community