li-windows-events-to-prod-env
Pipeline: li-windows-events-to-prod-env
| @rn:read-stream
name = "windows-splunk-stream" &
group = "group-prod-env-windows"
--> @dm:add-missing-columns
columns="rda_gw_client_ip,raw" &
value="None"
--> @dm:enrich-using-rule-dict
dict = "petclinic-env-dict" &
rule_column = "rule" &
enrich_columns = "env"
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env" &
type = "windows-events" &
mode = "input"
--> *dm:filter
raw does not contain 'DEBUG'
and
raw does not contain 'INFO'
--> @dm:skip-block-if-shape
row_count=0
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env" &
type = "windows-events" &
mode = "output"
--> @splunkv2:add-to-index
index='prod_petclinic_imp_logs' & create = 'True'
|
Extensions used in this Pipeline
Artifacts used in this Pipeline
| Artifact Type |
Artifact Name |
Access |
| rda-network-stream |
windows-splunk-stream |
read |
| dataset |
petclinic-env-dict |
read |
| rda-network-stream |
log-intel-stats |
write |
Bots used in this Pipeline
@rn:read-stream @dm:add-missing-columns @dm:enrich-using-rule-dict @rn:write-stats-to-stream *dm:filter @dm:skip-block-if-shape @splunkv2:add-to-index