Hello All,
We are in the process of cleaning up unused and Real Time Searches from the system.
I can see there are two real time searches run from Distributed Management Console only on my Deployment Manager:
http_event_collector_instance
http_event_collector_deployment
HTTP Event Collector: Instance ------- (when I load this page, It only gives me below output).
You currently have no tokens configured.
Search query used in this dashboard:
dmc_set_index_introspection` component="HttpEventCollector" data.series="$data_series$" host="$host$" $token_clause$
| bin _time span=1m
| stats sum(data.num_of_events) as events_total, sum(data.num_of_requests) as requests_total, sum(data.num_of_requests_to_disabled_token) as disabled_token_total, sum(data.num_of_requests_to_incorrect_url) as incorrect_url_total, sum(data.num_of_auth_failures) as auth_fail_total, sum(data.num_of_parser_errors) as parser_error_total, sum(data.total_bytes_indexed) as data_indexed, sum(data.total_bytes_received) as data_received by _time
| eval incorrect_url_total=if(isnotnull(incorrect_url_total), incorrect_url_total, 0)
| eval auth_fail_total=if(isnotnull(auth_fail_total), auth_fail_total, 0)
| eval data_indexed=data_indexed/pow(1024, 2)
| eval data_received=data_received/pow(1024, 2)
| eval valid_requests_total = requests_total
| eval invalid_requests_total = auth_fail_total + disabled_token_total + incorrect_url_total
I need help in clarifying below points before disabling the searches:
1. What does this search do?
2. What will be the impact if I disable this or convert it into a saved search in place of real time search?
3. How to make sure that it is not further referred in other dashboards as it only belongs to DMC (Distributed Management Console)?
... View more