Skip to content

Commit 9144d24

Browse files
jerewill-ciscojerewill-cisco
committed
reformatted the rest of the examples
1 parent 78f85c4 commit 9144d24

File tree

1 file changed

+14
-2
lines changed

1 file changed

+14
-2
lines changed

README.md

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -384,13 +384,25 @@ index=* sourcetype=cisco:intersight:licenseAccountLicenseData
384384
Here's an example where we join the computePhysicalSummaries and the networkElementSummaries into a combined table...
385385

386386
```SPL
387-
index=* sourcetype=cisco:intersight:*Summaries | dedup Moid | eval version=coalesce(Version,Firmware) | rex field=SourceObjectType "compute\.(?<ComputeType>.*)" | eval Type=coalesce(ComputeType,SwitchType)| rename AlarmSummary.Critical as Criticals | rename AlarmSummary.Warning as Warnings | eval Health=case(Criticals >= 1,"Critical", Warnings >= 1,"Warning", 1=1, "Healthy") | rename RegisteredDevice.ConnectionStatus as Status | table source, Status, Health, Type, Name, Model, Serial, version
387+
index=* sourcetype=cisco:intersight:*Summaries
388+
| dedup Moid
389+
| eval version=coalesce(Version,Firmware)
390+
| rex field=SourceObjectType "compute\.(?<ComputeType>.*)"
391+
| eval Type=coalesce(ComputeType,SwitchType)
392+
| rename AlarmSummary.Critical as Criticals, AlarmSummary.Warning as Warnings
393+
| eval Health=case(Criticals >= 1,"Critical", Warnings >= 1,"Warning", 1=1, "Healthy")
394+
| rename RegisteredDevice.ConnectionStatus as Status | table source, Status, Health, Type, Name, Model, Serial, version
388395
```
389396

390397
Here's an example where we join the Advisory instances to our other inventory types to provide a detailed view...
391398

392399
```SPL
393-
index=* sourcetype=cisco:intersight:tamAdvisoryInstances | dedup Moid | rename AffectedObjectType as type | rename Advisory.AdvisoryId as Id | rename Advisory.Severity.Level as Severity | join type=outer AffectedObjectMoid [search index=* (sourcetype="cisco:intersight:*Summaries" OR sourcetype=cisco:intersight:hyperflexClusters) | dedup Moid | rename Moid as AffectedObjectMoid | eval version=coalesce(Version,Firmware,HxVersion) | eval Model=coalesce(Model,DeploymentType+" "+DriveType)] | sort Severity | table source, Id, Severity, Name, type, Model, Serial, version`
400+
index=* sourcetype=cisco:intersight:tamAdvisoryInstances
401+
| dedup Moid
402+
| rename AffectedObjectType as type, Advisory.AdvisoryId as Id, Advisory.Severity.Level as Severity
403+
| join type=outer AffectedObjectMoid [search index=* (sourcetype="cisco:intersight:*Summaries" OR sourcetype=cisco:intersight:hyperflexClusters) | dedup Moid | rename Moid as AffectedObjectMoid | eval version=coalesce(Version,Firmware,HxVersion) | eval Model=coalesce(Model,DeploymentType+" "+DriveType)]
404+
| sort Severity
405+
| table source, Id, Severity, Name, type, Model, Serial, version
394406
```
395407

396408
Here's an example where we join the hyperflexCluster, hyperflexNodes, and hyperflexStorageContainers to get an overview of the cluster that is slightly different than the one above, but it now includes counts of the converged nodes and compute-only nodes in the cluster as well as counts of NFS and iSCSI data stores...

0 commit comments

Comments
 (0)