All Apps and Add-ons

How to check the Percent of the DM Acceleration Completed besides using UI?

rbal_splunk
Splunk Employee
Splunk Employee

I am looking for option's besides using Splunk User Interface.

0 Karma
1 Solution

rbal_splunk
Splunk Employee
Splunk Employee

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

View solution in original post

rbal_splunk
Splunk Employee
Splunk Employee

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...