admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '51f28ad3da'
${ noResults }
Deploiement_Server/deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/windows_event.xml

246 lines
14 KiB
Raw Blame History

<form stylesheet="custom.css" version="1.1">
<label>Event Monitoring - Windows</label>
<fieldset submitButton="false">
<input type="dropdown" token="EventHost" searchWhenChanged="true">
<label>Event Host</label>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" source="*inEventLog:$LogName$" TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" "$event.additional$"| eval Host=if(isnull(Host), upper(host), upper(Host)) | fields Host | mvexpand Host | dedup Host | table Host | sort Host</query>
</search>
<fieldForLabel>Host</fieldForLabel>
<fieldForValue>Host</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="dropdown" token="LogName" searchWhenChanged="true">
<label>Log Name</label>
<choice value="*">All</choice>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" "$event.additional$" | fields LogName | mvexpand LogName | dedup LogName | table LogName | sort LogName</query>
</search>
<fieldForLabel>LogName</fieldForLabel>
<fieldForValue>LogName</fieldForValue>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="dropdown" token="SourceName" searchWhenChanged="true">
<label>Source Name</label>
<choice value="*">All</choice>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" EventCode="$EventCode$" Type="$Type$" "$event.additional$" | fields SourceName | mvexpand SourceName | dedup SourceName | table SourceName | sort SourceName</query>
</search>
<fieldForLabel>SourceName</fieldForLabel>
<fieldForValue>SourceName</fieldForValue>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="dropdown" token="TaskCategory" searchWhenChanged="true">
<label>Task Category</label>
<choice value="*">All</choice>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" "$event.additional$" | fields TaskCategory | mvexpand TaskCategory | dedup TaskCategory | table TaskCategory | sort TaskCategory</query>
</search>
<fieldForLabel>TaskCategory</fieldForLabel>
<fieldForValue>TaskCategory</fieldForValue>
<default>*</default>
</input>
<input type="dropdown" token="EventCode" searchWhenChanged="true">
<label>Event Code</label>
<choice value="*">All</choice>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" Type="$Type$" "$event.additional$" | fields EventCode | mvexpand EventCode | dedup EventCode | table EventCode | sort EventCode</query>
</search>
<fieldForLabel>EventCode</fieldForLabel>
<fieldForValue>EventCode</fieldForValue>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="dropdown" token="Type" searchWhenChanged="true">
<choice value="*">All</choice>
<search>
<query>eventtype=wineventlog_index_windows eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" "$event.additional$" | fields Type | mvexpand Type | dedup Type | table Type | sort Type</query>
</search>
<fieldForLabel>Type</fieldForLabel>
<fieldForValue>Type</fieldForValue>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="text" token="event.additional" searchWhenChanged="true">
<label>Additional Terms</label>
<default>*</default>
</input>
<input type="time" token="time" searchWhenChanged="true">
<label></label>
<default>
<earliest>-15m</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Source Names</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" "$event.additional$" | stats sparkline as "Trend", count by SourceName | sort -count</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<table>
<title>Task Categories</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | stats sparkline as "Trend", count by TaskCategory | sort -count</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">row</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Hosts</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | stats sparkline as "Trend", count by host | sort -count</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<table>
<title>Event IDs</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | eval EventCodeDescription=if(isnull(EventCodeDescription), mvindex(split(Message, "."), 0), EventCodeDescription) | stats sparkline as "Trend", count by EventCode, EventCodeDescription | sort -count</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">row</option>
</table>
</panel>
</row>
<row>
<panel>
<chart>
<title>Event Count By Hosts - Over Time</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | timechart span=1m count by host</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
<panel>
<chart>
<title>Event Count By Event Code - Over Time</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | timechart span=1m count by EventCode</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">column</option>
</chart>
</panel>
</row>
<row>
<panel>
<chart>
<title>Event Counts By Log Name - Over Time</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | timechart span=1m count by LogName</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">column</option>
</chart>
</panel>
<panel>
<chart>
<title>Event Counts By Type - Over Time</title>
<search>
<query>eventtype="wineventlog_common" source="*inEventLog:$LogName$" (host="$EventHost$" OR ComputerName="$EventHost$") TaskCategory="$TaskCategory$" SourceName="$SourceName$" EventCode="$EventCode$" Type="$Type$" $event.additional$ | timechart span=1m count by Type</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">column</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
<row>
<panel>
<html>
<h3>More reports</h3>
<ul class="windows-footer">
<li><a href="search?s=Generic%20event%20counts">Generic event counts</a></li>
<li><a href="search?s=Event%20categories%20and%20counts%20by%20host%20for%20the%20last%2030%20days">Event categories and counts by host for the last 30 days</a></li>
<li><a href="search?s=Event%20severity%20counts%20by%20host%20for%20the%20last%207%20days">Event severity counts by host for the last 7 days</a></li>
<li><a href="search?s=Event%20severity%20counts%20by%20host%20for%20the%20last%2030%20days">Event severity counts by host for the last 30 days</a></li>
<li><a href="search?s=Event%20severity%20counts%20by%20host%20for%20the%20last%2024%20hours">Event severity counts by host for the last 24 hours</a></li>
</ul>
</html>
</panel>
</row>
</form>
Reference in new issue View Git Blame Copy Permalink