{ "description": "", "earliest_time": "-24h", "focus_id": null, "is_named": true, "key": "da-itsi-cp-soar-splunk-app-for-soar-system-health", "lane_settings": [ { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#333333", "graph_series": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-system-health", "graph_type": "line", "hide_graph": "no", "key": "lane-38089", "kpi_add_to_summary": "yes", "kpi_id": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-system-health", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health", "kpi_service_title": "Splunk app for SOAR - System Health", "kpi_title": "ServiceHealthScore", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-soar-splunk-app-for-soar-system-health)` | timechart avg(health_score) AS aggregate", "search_source": "kpi", "subtitle": "Splunk app for SOAR - System Health", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 95.8, 96 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "#9AC23C", "graph_series": "da-itsi-cp-soar-74bd51fecaa9340a53233602", "graph_type": "column", "hide_graph": "no", "key": "lane-40160", "kpi_add_to_summary": "yes", "kpi_id": "da-itsi-cp-soar-74bd51fecaa9340a53233602", "kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health", "kpi_service_title": "Splunk app for SOAR - System Health", "kpi_title": "Cluster leadership change", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "kpi", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*clusterd.log \"Our node has become leader\" | `aggregate_raw_into_entity_time_series(count, _time, \"host\", 1)` | `aggregate_entity_into_service_time_series(sum, 1)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-system-health, da-itsi-cp-soar-74bd51fecaa9340a53233602)`", "search_source": "kpi", "subtitle": "Splunk app for SOAR - System Health", "threshold_indication_enabled": "enabled", "threshold_indication_type": "stateIndication", "title": "", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 0 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-46396", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=\"*clusterd.log\" \"Our node has become leader\"", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "Cluster Leader", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-60455", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*clusterd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "clusterd Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-59296", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*proxyd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "proxyd Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-60763", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` sourcetype=\"nginx:plus:access\" status=5*", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "500 Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-55397", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` sourcetype=\"nginx:plus:access\" status=4*", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "400 Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-75014", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*app_install.log error:", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "APP Install Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-45360", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*phantom_install* level=ERROR", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "SOAR Install Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-57790", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*actiond.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "actiond Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-63524", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*consul-* error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "consul Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-64558", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*decided.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "decided Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-65746", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*ingestd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "ingestd Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-66830", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source =*nginx/error.log failed OR error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "nginx Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-68739", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*postgresql*.log FATAL OR ERROR", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "postgres Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-69356", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*add-es-index-std* level=warning OR level=error OR level=debug", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "search Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 14 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-82164", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*spawn*.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "spawn Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-105227", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*supervisord.log \"not expected\"", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "supervisord Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-128285", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*watchdogd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "watchdogd Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-128890", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` (source=*websocket-stdout.log level=error) OR (source=*websocket-stderr.log level=error)", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "websocket Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-129303", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*workflowd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "workflowd Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-129752", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`splunk_app_soar_indexes` source=*watchdogd.log level=error", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "wsgi Errors", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ null, null ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-44735", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`soar_remote_search_action_run` status=failed", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "Action Run Failures", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 9 ] }, { "data_gaps": "connected", "data_model": { "datamodel": "", "field": "", "object": "", "owner_field": "" }, "data_model_stat_op": "count", "data_model_where_clause": "", "distribution_stream_mode": "quantile", "entity_add_to_summary": "yes", "exclude_fields": [ "alert_color", "alert_severity", "alert_level", "serviceid", "kpiid", "itsi_kpi_id", "itsi_service_id", "alert_error", "alert_period", "kpi", "kpibasesearch", "urgency", "is_entity_in_maintenance", "is_service_in_maintenance", "is_filled_gap_event" ], "graph_color": "AUTO", "graph_series": "count", "graph_type": "heatMap", "hide_graph": "no", "key": "lane-47785", "kpi_add_to_summary": "", "kpi_id": null, "kpi_service_id": null, "kpi_service_title": "", "kpi_title": "", "kpi_unit": "", "lane_overlay_settings": { "entity_count": 5.0, "graph_color": "AUTO", "graph_type": "line", "is_enabled": "no", "metric": null, "overlay_type": "", "search": "* | timechart count", "selected_entities": [], "selection_mode": "static" }, "lane_size": "small", "lane_type": "event", "overwrite_entity_title": "no", "overwrite_kpi_title": "no", "search": "`soar_remote_search_app_run` \"result_data{}.status\"=failed", "search_source": "adhoc", "subtitle": "", "threshold_indication_enabled": "disabled", "threshold_indication_type": "levelIndication", "title": "App Run Failures", "vertical_axis_boundary_type": "value", "vertical_axis_scale": "linear", "vertical_axis_static_bounds": [ 0, 4 ] } ], "latest_time": "now", "title": "Splunk app for SOAR - System Health", "topology_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health", "version": "0.0.33" }