
{
"description": "",
"earliest_time": "-24h",
"focus_id": null,
"is_named": true,
"key": "da-itsi-cp-soar-splunk-app-for-soar-system-health",
"lane_settings": [
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "#333333",
"graph_series": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-system-health",
"graph_type": "line",
"hide_graph": "no",
"key": "lane-38089",
"kpi_add_to_summary": "yes",
"kpi_id": "SHKPI-da-itsi-cp-soar-splunk-app-for-soar-system-health",
"kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health",
"kpi_service_title": "Splunk app for SOAR - System Health",
"kpi_title": "ServiceHealthScore",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "kpi",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-soar-splunk-app-for-soar-system-health)` | timechart avg(health_score) AS aggregate",
"search_source": "kpi",
"subtitle": "Splunk app for SOAR - System Health",
"threshold_indication_enabled": "enabled",
"threshold_indication_type": "stateIndication",
"title": "",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
95.8,
96
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "#9AC23C",
"graph_series": "da-itsi-cp-soar-74bd51fecaa9340a53233602",
"graph_type": "column",
"hide_graph": "no",
"key": "lane-40160",
"kpi_add_to_summary": "yes",
"kpi_id": "da-itsi-cp-soar-74bd51fecaa9340a53233602",
"kpi_service_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health",
"kpi_service_title": "Splunk app for SOAR - System Health",
"kpi_title": "Cluster leadership change",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "kpi",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*clusterd.log \"Our node has become leader\" | `aggregate_raw_into_entity_time_series(count, _time, \"host\", 1)` | `aggregate_entity_into_service_time_series(sum, 1)` | `assess_severity(da-itsi-cp-soar-splunk-app-for-soar-system-health, da-itsi-cp-soar-74bd51fecaa9340a53233602)`",
"search_source": "kpi",
"subtitle": "Splunk app for SOAR - System Health",
"threshold_indication_enabled": "enabled",
"threshold_indication_type": "stateIndication",
"title": "",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
0,
0
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-46396",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=\"*clusterd.log\" \"Our node has become leader\"",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "Cluster Leader",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-60455",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*clusterd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "clusterd Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-59296",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*proxyd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "proxyd Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-60763",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` sourcetype=\"nginx:plus:access\" status=5*",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "500 Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-55397",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` sourcetype=\"nginx:plus:access\" status=4*",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "400 Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-75014",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*app_install.log error:",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "APP Install Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-45360",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*phantom_install* level=ERROR",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "SOAR Install Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-57790",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*actiond.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "actiond Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-63524",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*consul-* error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "consul Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-64558",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*decided.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "decided Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-65746",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*ingestd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "ingestd Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-66830",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source =*nginx/error.log failed OR error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "nginx Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-68739",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*postgresql*.log FATAL OR ERROR",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "postgres Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-69356",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*add-es-index-std* level=warning OR level=error OR level=debug",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "search Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
0,
14
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-82164",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*spawn*.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "spawn Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-105227",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*supervisord.log \"not expected\"",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "supervisord Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-128285",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*watchdogd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "watchdogd Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-128890",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` (source=*websocket-stdout.log level=error) OR (source=*websocket-stderr.log level=error)",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "websocket Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-129303",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*workflowd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "workflowd Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-129752",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`splunk_app_soar_indexes` source=*watchdogd.log level=error",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "wsgi Errors",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
null,
null
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-44735",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`soar_remote_search_action_run` status=failed",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "Action Run Failures",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
0,
9
]
},
{
"data_gaps": "connected",
"data_model": {
"datamodel": "",
"field": "",
"object": "",
"owner_field": ""
},
"data_model_stat_op": "count",
"data_model_where_clause": "",
"distribution_stream_mode": "quantile",
"entity_add_to_summary": "yes",
"exclude_fields": [
"alert_color",
"alert_severity",
"alert_level",
"serviceid",
"kpiid",
"itsi_kpi_id",
"itsi_service_id",
"alert_error",
"alert_period",
"kpi",
"kpibasesearch",
"urgency",
"is_entity_in_maintenance",
"is_service_in_maintenance",
"is_filled_gap_event"
],
"graph_color": "AUTO",
"graph_series": "count",
"graph_type": "heatMap",
"hide_graph": "no",
"key": "lane-47785",
"kpi_add_to_summary": "",
"kpi_id": null,
"kpi_service_id": null,
"kpi_service_title": "",
"kpi_title": "",
"kpi_unit": "",
"lane_overlay_settings": {
"entity_count": 5.0,
"graph_color": "AUTO",
"graph_type": "line",
"is_enabled": "no",
"metric": null,
"overlay_type": "",
"search": "* | timechart count",
"selected_entities": [],
"selection_mode": "static"
},
"lane_size": "small",
"lane_type": "event",
"overwrite_entity_title": "no",
"overwrite_kpi_title": "no",
"search": "`soar_remote_search_app_run` \"result_data{}.status\"=failed",
"search_source": "adhoc",
"subtitle": "",
"threshold_indication_enabled": "disabled",
"threshold_indication_type": "levelIndication",
"title": "App Run Failures",
"vertical_axis_boundary_type": "value",
"vertical_axis_scale": "linear",
"vertical_axis_static_bounds": [
0,
4
]
}
],
"latest_time": "now",
"title": "Splunk app for SOAR - System Health",
"topology_id": "da-itsi-cp-soar-splunk-app-for-soar-system-health",
"version": "0.0.33"
}