​> tag *aws-prod:us-east-1:ec2:instances  > data --> /tmp/output/aws-east-instances.csv​> tag *aws-prod:us-east-1:ec2:my-images > data --> /tmp/output/aws-east-images.csv​> tag *aws-prod:us-east-1:ec2:volumes > data --> /tmp/output/aws-east-volumes.csv​> tag *aws-prod:us-east-1:ec2:vpcs > data --> /tmp/output/aws-east-vpcs.csv​> tag  *aws-prod:us-east-1:ec2:addresses > data --> /tmp/output/aws-east-addresses.csv​> tag *aws-prod:us-east-1:s3:buckets> data --> /tmp/output/aws-east-buckets.csv​> tag @aws-prod:us-east-1:ce:daily-costs   > data date is during this month --> /tmp/output/aws-east-costs.csv

> limit 10 #This limits number of rows to 10> tag *azure:instances  > data --> /tmp/output/azure-instances.csv​> tag *azure:my-images > data --> /tmp/output/azure-images.csv​> tag *azure:volumes > data --> /tmp/output/azure-volumes.csv​> tag *azure:networks > data --> /tmp/output/azure-networks.csv​> tag  *azure:networkips > data --> /tmp/output/azure-networkips.csv​> tag *azure:networklbs> data --> /tmp/output/azure-networklbs.csv​> tag *azure:storagecontainers> data --> /tmp/output/azure-storagecontainers.csv

# Azure Insights - metrics, alarms, log analytics> limit 10​> tag *azurein:logs:workspaces  > data --> /tmp/output/azurein-workspaces.csv​> tag @azurein:logs:analytics > data WorkspaceID is ' /tmp/output/azurein-analytics.csv​> tag *azurein:metrics-list > data --> /tmp/output/azurein-metrics-list.csv​> tag @azurein:metric-data > data objID is '/subscriptions//resourceGroups/macaw_resource_grp/providers/Microsoft.Compute/virtualMachines/sp-lb-vm' and metricnames is 'Percentage CPU' and timestamp is after -30 days --> /tmp/output/azurein-metric-data.csv​> tag  *azurein:metric-alarms > data --> /tmp/output/azurein-metric-alarms.csv

> limit 100> tag #es:winevents> data `@timestamp` is after -30 days GET message as 'description' \    --> @cfxusml:logprediction \    --> /tmp/win_event_predicted_clusters.csv

> limit 2000> tag #es:winevents> data * get message as 'description' \    --> @cfxusml:logclustering  \    --> /tmp/win_event_clusters.csv

> limit 100​# Log Template> tag @datagen:fortinet_logs> data timestamp is after -15 mins and LOCAL_SRC_IP is '' and rate is '5/min' \        --> /tmp/fortinet_logs.csv# Ensure you enter valid IP address in the above data statement # CPU Timeseries data (smoothing with high std)> tag @datagen:cpu> data timestamp is after -15 mins and rate is '60/min'​# Memory Timeseries data (smoothing with low std)> tag @datagen:memory> data timestamp is after -15 mins and rate is '60/min'​# Network IO Timeseries data (no smothing high std)> tag @datagen:network_io> data timestamp is after -15 mins and rate is '60/min'   

> limit 10​> tag *slack:users​> data --> @email:sendmail \    subject = "Slack Users List" and \    message = "Slack Users are attched" and \    recipient = 'cfxdx.emails@gmail.com' # the above recipient is example email address, change to suitable

> limit 50​> tag #cfxqa:issues​> data project='SaaS' and created after 'Jan 1 2020' and (resolution is not 'Fixed' or resolution is null)

> tag @cfxobs:metric-range> data metric is '100 - (avg by (instance) (irate(windows_cpu_time_total{mode="idle"}[1m])) * 100)' \        and timestamp is after -30 days and step is '60m'   \            --> *cfxql:filter instance is ':9443' \            --> @cfxml:1hour --> /tmp/output/regression.csv# Replace  with correct IP address

# Slack Userlist and Fileupload> limit 10​> tag *slack:users> data --> /tmp/output/slack-users.csv​> tag *aws-prod:us-east-1:ec2:instances> data --> @slack:fileupload:test_cfxdx_slack channel is 'test_cfxdx_slack' and \                message is 'AWS Instances Report' and format is 'xlsx' and \                title is 'AWS Daily Instances Report.xlsx'