maestro-investigate
Adds investigation material to a Maestro ticket. Investigation material can include a subject, a query to execute, and a description. Use the maestro-investigate-result command to retrieve the investigation results afterwards.
Command properties
| Item | Description |
|---|---|
| Command type | Driver query |
| Required permission | User |
| License usage | Non-licensed command |
| Parallel execution | Not supported |
| Distributed execution | Not supported |
Syntax
maestro-investigate ticket=GUID subject=subject query=query [description=description]
Options
ticket=GUID - GUID of the ticket to add the investigation material to. Required option.
subject=subject - Subject of the investigation material. Required option.
query=query - Query to use for the investigation. Required option.
description=description - Description of the investigation material.
Output fields
| Field | Type | Description |
|---|---|---|
| guid | string | GUID of the investigation material |
Description
Adds investigation material to the specified ticket and outputs the GUID of the created investigation material. This GUID can be used with the maestro-investigate-result command to retrieve the investigation results. Investigation material is added for each input record passed through the pipeline.
Examples
- Add investigation material to a ticket
| makeresults | maestro-investigate ticket="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" subject="Source IP analysis" query="table sonar_event_00001 | stats count by src_ip" description="Source IP statistics per event"
Adds investigation material containing a query to the ticket.