AlertsInInternalServer
A dataset object in the example InternalServer data model.
Select
This is an example of a dataset view. These views are generated from dataset objects inside a data model. The component will use the Splunk APIs to process the following query components; the component processes other parts of the query client-side in memory.
All columns support server-side processing for the following operators and functions:
- Operators: =, <, >, >=, <=, IN, IS NULL, IS NOT NULL, NOT
- Functions: AVG, SUM, MIN, MAX, COUNT, STDEV, STDEVP, VAR, VARP
LIMIT, ORDER BY, GROUP BY, and HAVING are also processed server-side. An exception is the case when in the selected columns, there are fields that are not in the GROUP BY, and GROUP BY, criteria, and limiting are handled client-side.
In the case when an unsupported criteria or function is used, all processing will be completed client-side (except selecting specified fields). This is also the case when a SELECT statement has a column that is not in the GroupBy clause.
For example, the component uses the Splunk APIs to process the following queries.
SELECT Component, Timeendpos as Timeend FROM [AlertsInInternalServer] WHERE Component = 'Saved' OR EventType != '' AND Priority IS NOT NULL AND Linecount NOT IN ('1', '2') ORDER BY Priority DESC LIMIT 5
SELECT AVG(Suppressed), Priority FROM [AlertsInInternalServer] GROUP BY Priority HAVING AVG(Suppressed) > 0
Columns
| Name | Type | Description |
| _time | Datetime | |
| component | String | |
| date_hour | Int | |
| date_mday | Int | |
| date_minute | Int | |
| date_month | String | |
| date_second | Int | |
| date_wday | String | |
| date_year | Int | |
| date_zone | Int | |
| digest_mode | Int | |
| dispatch_time | Int | |
| host | String | |
| linecount | Int | |
| log_level | String | |
| priority | String | |
| punct | String | |
| savedsearch_id | String | |
| scheduled_time | Int | |
| search_type | String | |
| server_alert_actions | String | |
| server_app | String | |
| server_message | String | |
| server_result_count | Int | |
| server_run_time | Double | |
| server_savedsearch_name | String | |
| server_sid | String | |
| server_status | String | |
| server_user | String | |
| source | String | |
| sourcetype | String | |
| splunk_server | String | |
| suppressed | Int | |
| thread_id | String | |
| timeendpos | Int | |
| timestartpos | Int | |
| window_time | Int |