Examples using Terminal / Commandline
It is assumed that the instances shown as part of tags are integrated with RDA. CloudFabrix recommends to limiting the number of rows displayed at the RDA command line.
The following are some of the examples that can be executed for testing purposes. Please note depending on the type of the integration, the tag name could differ or the tag may not exists in your environment (For example, when there is no integration with AWS, then AWS tags shown and respective examples will not work)
> tag *aws-prod:us-east-1:ec2:instances > data --> /tmp/output/aws-east-instances.csv> tag *aws-prod:us-east-1:ec2:my-images > data --> /tmp/output/aws-east-images.csv> tag *aws-prod:us-east-1:ec2:volumes > data --> /tmp/output/aws-east-volumes.csv> tag *aws-prod:us-east-1:ec2:vpcs > data --> /tmp/output/aws-east-vpcs.csv> tag *aws-prod:us-east-1:ec2:addresses > data --> /tmp/output/aws-east-addresses.csv> tag *aws-prod:us-east-1:s3:buckets> data --> /tmp/output/aws-east-buckets.csv> tag @aws-prod:us-east-1:ce:daily-costs > data date is during this month --> /tmp/output/aws-east-costs.csv
> limit 10 #This limits number of rows to 10> tag *azure:instances > data --> /tmp/output/azure-instances.csv> tag *azure:my-images > data --> /tmp/output/azure-images.csv> tag *azure:volumes > data --> /tmp/output/azure-volumes.csv> tag *azure:networks > data --> /tmp/output/azure-networks.csv> tag *azure:networkips > data --> /tmp/output/azure-networkips.csv> tag *azure:networklbs> data --> /tmp/output/azure-networklbs.csv> tag *azure:storagecontainers> data --> /tmp/output/azure-storagecontainers.csv
# Azure Insights - metrics, alarms, log analytics> limit 10> tag *azurein:logs:workspaces > data --> /tmp/output/azurein-workspaces.csv> tag @azurein:logs:analytics > data WorkspaceID is ' /tmp/output/azurein-analytics.csv> tag *azurein:metrics-list > data --> /tmp/output/azurein-metrics-list.csv> tag @azurein:metric-data > data objID is '/subscriptions//resourceGroups/macaw_resource_grp/providers/Microsoft.Compute/virtualMachines/sp-lb-vm' and metricnames is 'Percentage CPU' and timestamp is after -30 days --> /tmp/output/azurein-metric-data.csv> tag *azurein:metric-alarms > data --> /tmp/output/azurein-metric-alarms.csv
> limit 100> tag #es:winevents> data `@timestamp` is after -30 days GET message as 'description' \ --> @cfxusml:logprediction \ --> /tmp/win_event_predicted_clusters.csv
> limit 2000> tag #es:winevents> data * get message as 'description' \ --> @cfxusml:logclustering \ --> /tmp/win_event_clusters.csv
> limit 100# Log Template> tag @datagen:fortinet_logs> data timestamp is after -15 mins and LOCAL_SRC_IP is '' and rate is '5/min' \ --> /tmp/fortinet_logs.csv# Ensure you enter valid IP address in the above data statement # CPU Timeseries data (smoothing with high std)> tag @datagen:cpu> data timestamp is after -15 mins and rate is '60/min'# Memory Timeseries data (smoothing with low std)> tag @datagen:memory> data timestamp is after -15 mins and rate is '60/min'# Network IO Timeseries data (no smothing high std)> tag @datagen:network_io> data timestamp is after -15 mins and rate is '60/min'
> limit 10> tag *slack:users> data --> @email:sendmail \ subject = "Slack Users List" and \ message = "Slack Users are attched" and \ recipient = '[email protected]' # the above recipient is example email address, change to suitable
> limit 50> tag #cfxqa:issues> data project='SaaS' and created after 'Jan 1 2020' and (resolution is not 'Fixed' or resolution is null)
> tag @cfxobs:metric-range> data metric is '100 - (avg by (instance) (irate(windows_cpu_time_total{mode="idle"}[1m])) * 100)' \ and timestamp is after -30 days and step is '60m' \ --> *cfxql:filter instance is ':9443' \ --> @cfxml:1hour --> /tmp/output/regression.csv# Replace with correct IP address
# Slack Userlist and Fileupload> limit 10> tag *slack:users> data --> /tmp/output/slack-users.csv> tag *aws-prod:us-east-1:ec2:instances> data --> @slack:fileupload:test_cfxdx_slack channel is 'test_cfxdx_slack' and \ message is 'AWS Instances Report' and format is 'xlsx' and \ title is 'AWS Daily Instances Report.xlsx'
Last modified 2yr ago