All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to check the Percent of the DM Acceleration Completed besides using UI?

rbal_splunk
Splunk Employee
Splunk Employee
‎07-13-2017 12:11 PM

I am looking for option's besides using Splunk User Interface.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rbal_splunk
Splunk Employee
Splunk Employee
‎07-13-2017 12:13 PM

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use 

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

View solution in original post

Reply
Solved! Jump to solution
Solution

rbal_splunk
Splunk Employee
Splunk Employee
‎07-13-2017 12:13 PM

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use 

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

Reply
Get Updates on the Splunk Community!

Holistic Visibility and Effective Alerting Across IT and OT Assets

Instead of effective and unified solutions, they’re left with tool fatigue, disjointed alerts and siloed ...

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...
Top