All Apps and Add-ons

How to check the Percent of the DM Acceleration Completed besides using UI?

rbal_splunk
Splunk Employee
Splunk Employee

I am looking for option's besides using Splunk User Interface.

0 Karma
1 Solution

rbal_splunk
Splunk Employee
Splunk Employee

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

View solution in original post

rbal_splunk
Splunk Employee
Splunk Employee

Here are some of the rest call that can be used.

 |rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | eval datamodel=replace('summary.id',"DM_".'eai:acl.app'."_","") | join type=left datamodel [| rest /services/data/models splunk_server=local count=0 | table title acceleration.cron_schedule eai:digest | rename title as datamodel | rename acceleration.cron_schedule AS cron] | table datamodel eai:acl.app summary.access_time summary.is_inprogress summary.size summary.latest_time summary.complete summary.buckets_size summary.buckets cron summary.last_error summary.time_range summary.id summary.mod_time eai:digest summary.earliest_time summary.last_sid summary.access_count | rename summary.id AS summary_id, summary.time_range AS retention, summary.earliest_time as earliest, summary.latest_time as latest, eai:digest as digest | rename summary.* AS *, eai:acl.* AS * | sort datamodel


 | rest /services/admin/summarization by_tstats=t splunk_server=local count=0 | table eai:acl.app summary.id summary.is_inprogress, summary.complete |rename eai:acl.app AS app summary.id AS name summary.complete AS completion summary.is_inprogress AS inprogress| eval datamodel=substr(name, 4+len(app)+1) | fields datamodel inprogress completion

you should see a 1 for completion if the DM is 100% complete, but this number will fluctuate since they are continuously backfilling every 5 min

If you are on Splunk Enterprise Security (ES), you could use

|`cim_datamodelinfo` |fields datamodel complete"

Where cim_datamodelinfo is macro in ES

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...