It is assumed that the instances shown as part of tags are integrated with RDA. CloudFabrix recommends to limiting the number of rows displayed at the RDA command line.
The following are some of the examples that can be executed for testing purposes. Please note depending on the type of the integration, the tag name could differ or the tag may not exists in your environment (For example, when there is no integration with AWS, then AWS tags shown and respective examples will not work)
AWS Assets
> tag *aws-prod:us-east-1:ec2:instances > data --> /tmp/output/aws-east-instances.csv> tag *aws-prod:us-east-1:ec2:my-images > data --> /tmp/output/aws-east-images.csv> tag *aws-prod:us-east-1:ec2:volumes > data --> /tmp/output/aws-east-volumes.csv> tag *aws-prod:us-east-1:ec2:vpcs > data --> /tmp/output/aws-east-vpcs.csv> tag *aws-prod:us-east-1:ec2:addresses > data --> /tmp/output/aws-east-addresses.csv> tag *aws-prod:us-east-1:s3:buckets> data --> /tmp/output/aws-east-buckets.csv> tag @aws-prod:us-east-1:ce:daily-costs > data date is during this month --> /tmp/output/aws-east-costs.csv
Microsoft Azure Assets
> limit 10 #This limits number of rows to 10> tag *azure:instances > data --> /tmp/output/azure-instances.csv> tag *azure:my-images > data --> /tmp/output/azure-images.csv> tag *azure:volumes > data --> /tmp/output/azure-volumes.csv> tag *azure:networks > data --> /tmp/output/azure-networks.csv> tag *azure:networkips > data --> /tmp/output/azure-networkips.csv> tag *azure:networklbs> data --> /tmp/output/azure-networklbs.csv> tag *azure:storagecontainers> data --> /tmp/output/azure-storagecontainers.csv
Microsoft Azure Insights
# Azure Insights - metrics, alarms, log analytics> limit 10> tag *azurein:logs:workspaces > data --> /tmp/output/azurein-workspaces.csv> tag @azurein:logs:analytics > data WorkspaceID is ' /tmp/output/azurein-analytics.csv> tag *azurein:metrics-list > data --> /tmp/output/azurein-metrics-list.csv> tag @azurein:metric-data > data objID is '/subscriptions//resourceGroups/macaw_resource_grp/providers/Microsoft.Compute/virtualMachines/sp-lb-vm' and metricnames is 'Percentage CPU' and timestamp is after -30 days --> /tmp/output/azurein-metric-data.csv> tag *azurein:metric-alarms > data --> /tmp/output/azurein-metric-alarms.csv
Cluster Prediction
> limit 100> tag #es:winevents> data `@timestamp` is after -30 days GET message as 'description' \ --> @cfxusml:logprediction \ --> /tmp/win_event_predicted_clusters.csv
Cluster Pipeline
> limit 2000> tag #es:winevents> data * get message as 'description' \ --> @cfxusml:logclustering \ --> /tmp/win_event_clusters.csv
Data Generation Examples
> limit 100# Log Template> tag @datagen:fortinet_logs> data timestamp is after -15 mins and LOCAL_SRC_IP is '' and rate is '5/min' \ --> /tmp/fortinet_logs.csv# Ensure you enter valid IP address in the above data statement # CPU Timeseries data (smoothing with high std)> tag @datagen:cpu> data timestamp is after -15 mins and rate is '60/min'# Memory Timeseries data (smoothing with low std)> tag @datagen:memory> data timestamp is after -15 mins and rate is '60/min'# Network IO Timeseries data (no smothing high std)> tag @datagen:network_io> data timestamp is after -15 mins and rate is '60/min'
Email
> limit 10> tag *slack:users> data --> @email:sendmail \ subject = "Slack Users List" and \ message = "Slack Users are attched" and \ recipient = 'cfxdx.emails@gmail.com' # the above recipient is example email address, change to suitable
JIRA
> limit 50> tag #cfxqa:issues> data project='SaaS' and created after 'Jan 1 2020' and (resolution is not 'Fixed' or resolution is null)
Regression Pipeline
> tag @cfxobs:metric-range> data metric is '100 - (avg by (instance) (irate(windows_cpu_time_total{mode="idle"}[1m])) * 100)' \ and timestamp is after -30 days and step is '60m' \ --> *cfxql:filter instance is ':9443' \ --> @cfxml:1hour --> /tmp/output/regression.csv# Replace with correct IP address
SLACK
# Slack Userlist and Fileupload> limit 10> tag *slack:users> data --> /tmp/output/slack-users.csv> tag *aws-prod:us-east-1:ec2:instances> data --> @slack:fileupload:test_cfxdx_slack channel is 'test_cfxdx_slack' and \ message is 'AWS Instances Report' and format is 'xlsx' and \ title is 'AWS Daily Instances Report.xlsx'
