bh_stats_gen_constraints macro is used to control what data is examined by the
bh_stats_gen search when generating the metrics used by the alerting searches. The default
behavior is to exclude all data in the summary index, and all data from the stash sourcetype, but
include all other data.
NOTE: This macro is used within a
tstats command, and therefore the macro’s must be valid
bh_stats_gen_additions macro is used to insert arbitrary SPL into the
search in order to transform data before it is written to the summary index.
eval statements to calculate custom metrics to be stored in
the summary data.
bh_alert_additions macro is used to insert arbitrary SPL into the alerting searches, in
order to transform data before it is written to the summary index.
Example: Apply subsearch logic from a monitoring system to automatically exclude hosts that are known to be offline
default_contact macro is used only for the
Broken Hosts Alert - by contact search. It
is used to set the default email address for items that don’t have a separate contact listed in
contact column of the lookup table.
default_expected_time macro is used to set a default
lateSecs value for things not
defined in the lookup. The
lateSecs value tells Broken Hosts how long a specific source of data
is allowed to go without sending data before an alert should be triggered. This setting is in
seconds, and defaults to 14400 (4 hours).