CYA_Export_For_ITSI_Splunk_Query

# Copyright 2019 Paychex, Inc.
# Licensed pursuant to the terms of the Apache License, Version 2.0 (the "License");
# your use of the Work is subject to the terms and conditions of the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor
# provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including,
# without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
# MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible
# for determining the appropriateness of using or redistributing the Work and assume 
# any risks associated with your exercise of permissions under this License.


| union maxtime=300 timeout=300
   [| rest splunk_server=local /servicesNS/-/-/itoa_interface/glass_table | eval Type="ITSI Glass Tables"]
   [| rest splunk_server=local /servicesNS/-/-/itoa_interface/home_view | eval Type="ITSI Home View"]
   [| rest splunk_server=local /servicesNS/-/-/itoa_interface/deep_dive | eval Type="ITSI Deep Dive"]
   [| rest splunk_server=local /servicesNS/nobody/SA-ITOA/itoa_interface/event_management_state | eval Type="ITSI Event Management State"]
| fields Type value
| eval value= spath(value, "{}")
| mvexpand value
| table Type value
| spath input=value
| search "acl.owner"=[| makeresults count=1 | eval username="$username$" | eval search="\"".mvfilter(NOT match(username,"username"))."\"" | table search | append
       [| rest splunk_server=local /services/authentication/current-context | table username | rename username as search | eval search="\"".search."\""]
   | stats list(search) as search | eval search=mvindex(search, 0)]
| fields - value
| eval _time=now()
| table _time Type title acl.appauthor acl.perms.read acl.perms.write *