Extract list of ITSI Services and KPI's from REST

Esky73 · ‎05-11-2018

I'm following the doco here :

http://docs.splunk.com/Documentation/ITSI/3.0.2/RESTAPI/ITSIRESTAPIreference#ITOA_Interface

i run a search :

| rest /servicesNS/nobody/SA-ITOA/itoa_interface/kpi_base_search

and i can get a json blob of data

i'd like to create a table from this of search names, base_search, etc

Is that possible ?

mibrown_splunk · ‎07-12-2018

You could try this to get the fields you're looking for:

| rest /servicesNS/nobody/SA-ITOA/itoa_interface/kpi_base_search 
| eval value=spath(value,"{}") 
| mvexpand value 
| eval base_search = spath(value, "base_search") 
| eval title = spath(value, "title") 
| eval metric_titles=spath(value, "metrics{}.title") 
| eval threshold_fields=spath(value, "metrics{}.threshold_field") 
| eval entity_calculation=spath(value, "metrics{}.entity_statop") 
| eval service_calculation=spath(value, "metrics{}.aggregate_statop") 
| eval units=spath(value, "metrics{}.unit") 
| fields title, base_search, metric_titles, threshold_fields, entity_calculation, service_calculation, units

Alternately you could rework the above search so each row contains all elements of the metric you're interested in.

Extract list of ITSI Services and KPI's from REST

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!