<form stylesheet="windows_overview.css" version="1.1">
<label>Windows Overview - Windows</label>
<!-- Base search for the Windows Event Log panels. Panels attach to it with
     base="eventBaseSearch" and only add a post-process stats command. -->
<search id="eventBaseSearch">
  <!-- The eval keeps host when it is set and falls back to Host when it is null.
       The fields command limits the result to the three fields the post-process
       searches aggregate on. -->
  <query>
    eventtype=wineventlog_index_windows eventtype="wineventlog_common"
    | eval Host=if(isNull(host),Host,host)
    | fields Host,LogName,EventCode
  </query>
  <!-- Both bounds are taken from the "Time" token. -->
  <earliest>$Time.earliest$</earliest>
  <latest>$Time.latest$</latest>
</search>
<!-- Base search for the Perfmon panels. Panels attach to it with
     base="performanceBaseSearch" and only add a post-process stats command. -->
<search id="performanceBaseSearch">
  <!-- object=* counter=* keeps only events that carry both fields.
       The eval keeps host when it is set and falls back to Host when it is null. -->
  <query>
    eventtype=perfmon_index_windows eventtype="perfmon_windows" object=* counter=*
    | eval Host=if(isNull(host),Host,host)
    | fields Host,object,counter
  </query>
  <!-- Both bounds are taken from the "Time" token. -->
  <earliest>$Time.earliest$</earliest>
  <latest>$Time.latest$</latest>
</search>
<!-- Time picker for the dashboard. It sets $Time.earliest$ and $Time.latest$.
     There is no submit button, so the searches run on load and on every change. -->
<fieldset autoRun="true" submitButton="false">
  <input token="Time" type="time">
    <!-- The picker is rendered without a caption. -->
    <label/>
    <!-- Default window: start of the current day until now. -->
    <default>
      <earliest>@d</earliest>
      <latest>now</latest>
    </default>
  </input>
</fieldset>
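<!-- Windows Event Log coverage: distinct hosts, log names and EventCode/LogName
     pairs seen in the selected time range. A lower count than expected is a hint
     that a log source has stopped reporting (to be confirmed in the drilldown).
     NOTE(review): useColors is 0 on every panel, so rangeColors and rangeValues
     appear to have no visible effect; confirm before relying on the thresholds. -->
<row>
  <panel>
    <!-- Number of distinct hosts that sent Windows events. -->
    <single>
      <title>Windows Events</title>
      <search base="eventBaseSearch">
        <query>| stats dc(Host) as count</query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="unit">Hosts</option>
      <!-- The drilldown opens in a new tab. The hard-coded earliest=@d was replaced
           by the dashboard time tokens so the detail search covers the same window
           as the number that was clicked. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=wineventlog_index_windows eventtype="wineventlog_common" | stats values(LogName) as "Event Logs" by host&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
    <!-- Number of distinct event log names. -->
    <single>
      <title>Windows Events</title>
      <search base="eventBaseSearch">
        <query>| stats dc(LogName) as count</query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="unit">Log Names</option>
      <!-- This link had no time bounds, so the search page fell back to its own
           default range. It now uses the dashboard time tokens. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=wineventlog_index_windows eventtype="wineventlog_common"
            | stats count by LogName
            | sort LogName&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
    <!-- Number of distinct EventCode/LogName pairs: the first stats builds one row
         per pair and the second counts those rows. -->
    <single>
      <title>Windows Events</title>
      <search base="eventBaseSearch">
        <query>
          | stats count by EventCode, LogName
          | stats count
        </query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="unit">Event IDs</option>
      <!-- This link had no time bounds either. It now uses the dashboard time tokens. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=wineventlog_index_windows eventtype="wineventlog_common"
            | stats latest(SourceName) as SourceName, latest(TaskCategory) as TaskCategory by EventCode, LogName
            | sort LogName, TaskCategory, EventCode&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
  </panel>
</row>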
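<!-- Perfmon coverage: distinct hosts, objects and counters seen in the selected
     time range.
     NOTE(review): useColors is 0 on every panel, so rangeColors and rangeValues
     appear to have no visible effect; confirm before relying on the thresholds. -->
<row>
  <panel>
    <!-- Number of distinct hosts that sent performance counters. -->
    <single>
      <title>Windows Performance Counters</title>
      <search base="performanceBaseSearch">
        <query>| stats dc(Host) as count</query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="unit">Hosts</option>
      <!-- Two changes against the previous link. The hard-coded earliest=@d was
           replaced by the dashboard time tokens. The Host fallback eval from the
           base search was added, because the stats groups by Host and would
           otherwise leave out events that only carry the lowercase host field. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=perfmon_index_windows eventtype="perfmon_windows" object=* | eval Host=if(isNull(host),Host,host) | stats dc(counter) as dccount by object, Host | eval comb=object." (Total Counters = ".dccount.")"| stats values(comb) as Perfmon_Counter_Category by Host | table Host, Perfmon_Counter_Category&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
    <!-- Number of distinct Perfmon objects. -->
    <single>
      <title>Windows Performance Counters</title>
      <search base="performanceBaseSearch">
        <query>| stats dc(object) as count</query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="unit">Objects</option>
      <!-- The hard-coded earliest=@d was replaced by the dashboard time tokens. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=perfmon_index_windows eventtype="perfmon_windows" object=* | stats dc(counter) as Number by object, host | sort -Number&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
    <!-- Number of distinct Perfmon counters. -->
    <single>
      <title>Windows Performance Counters</title>
      <search base="performanceBaseSearch">
        <query> | stats dc(counter) as count</query>
      </search>
      <option name="drilldown">all</option>
      <option name="colorBy">value</option>
      <option name="colorMode">none</option>
      <option name="numberPrecision">0</option>
      <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
      <option name="rangeValues">[0,30,70,100]</option>
      <option name="showSparkline">1</option>
      <option name="showTrendIndicator">1</option>
      <option name="trendColorInterpretation">standard</option>
      <option name="trendDisplayMode">absolute</option>
      <option name="unitPosition">after</option>
      <option name="useColors">0</option>
      <option name="useThousandSeparators">1</option>
      <option name="unit">Counters</option>
      <!-- This link had no time bounds, so the search page fell back to its own
           default range. It now uses the dashboard time tokens. -->
      <drilldown target="_blank">
        <link>
          <![CDATA[
            search?q=eventtype=perfmon_index_windows eventtype="perfmon_windows" | eval Perfmon_Counter=counter | eval Perfmon_Counter_Category=object | dedup Perfmon_Counter, instance | table Perfmon_Counter_Category, Perfmon_Counter, instance | sort Perfmon_Counter_Category, Perfmon_Counter, instance&earliest=$Time.earliest$&latest=$Time.latest$
          ]]>
        </link>
      </drilldown>
    </single>
  </panel>
</row>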
<!-- Event volume per source, sourcetype and host across the three Windows index
     eventtypes. Each table runs its own search and does not use the base searches.
     A host or source whose count drops to zero between two time ranges is worth
     checking as a possible collection gap. -->
<row>
  <!-- Events per source. Drilldown acts on the whole row. -->
  <panel>
    <table>
      <title>Sources</title>
      <search>
        <query>eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields source | stats count by source | rename source as Source,count as Count</query>
        <earliest>$Time.earliest$</earliest>
        <latest>$Time.latest$</latest>
      </search>
      <option name="count">10</option>
      <option name="drilldown">row</option>
      <option name="wrap">true</option>
      <option name="rowNumbers">false</option>
      <option name="dataOverlayMode">none</option>
    </table>
  </panel>
  <!-- Events per sourcetype. Drilldown acts on the clicked cell. -->
  <panel>
    <table>
      <title>Sourcetypes</title>
      <search>
        <query>eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields sourcetype | stats count by sourcetype | rename sourcetype as Sourcetype,count as Count</query>
        <earliest>$Time.earliest$</earliest>
        <latest>$Time.latest$</latest>
      </search>
      <option name="count">10</option>
      <option name="drilldown">cell</option>
      <option name="wrap">true</option>
      <option name="rowNumbers">false</option>
      <option name="dataOverlayMode">none</option>
    </table>
  </panel>
  <!-- Events per host. Drilldown acts on the whole row. -->
  <panel>
    <table>
      <title>Hosts</title>
      <search>
        <query>eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields host | stats count by host | rename host as Host,count as Count</query>
        <earliest>$Time.earliest$</earliest>
        <latest>$Time.latest$</latest>
      </search>
      <option name="count">10</option>
      <option name="drilldown">row</option>
      <option name="wrap">true</option>
      <option name="rowNumbers">false</option>
      <option name="dataOverlayMode">none</option>
    </table>
  </panel>
</row>
</form> |