delete/change_gitignore

masterdev
admingit 3 months ago
parent 48f78a7a26
commit 1f697fe98c

2
.gitignore vendored

@ -9,7 +9,7 @@
*.ini
*.xsl
passwd
/apps/
!apps/
/anonymizer/
/auth/
/disabled-apps/
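Review bot: Un-ignoring `apps/` puts every app directory under version control, while the patterns visible in this hunk (`*.ini`, `passwd`, `/auth/`) do not obviously cover per-app local configuration or stored credentials. This assumes `!apps/` is the added line and `/apps/` the removed one, which the rendering no longer marks. Consider following the negation with explicit excludes such as `apps/*/local/` and `passwords.conf`, plus a comment like `# apps/ is tracked on purpose; per-app local config and stored credentials stay ignored`. The rest of .gitignore is outside the hunk, so equivalent rules may already exist elsewhere in the file. Note also that `!apps/` only does something when an earlier pattern ignores that directory; if `/apps/` was simply replaced, dropping the line has the same effect and reads more clearly.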

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/MaintenanceKdb.html" type="html">
<label>Maintenance Kdb</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/MaintenanceMode.html" type="html">
<label>Maintenance Mode</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/ManageBankHolidays.html" type="html">
<label>Manage Bank Holidays</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/RestApiReference.html" type="html">
<label>Rest Api Reference</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/TenantHome.html" type="html">
<label>Tenant Home</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/VirtualTenants.html" type="html">
<label>Virtual Tenants</label>
</view>

@ -1,12 +0,0 @@
<view isVisible="false" >
<label>Internal Admin Nav</label>
<module name="Message" layoutPanel="messaging">
<param name="filter">*</param>
<param name="clearOnJobDispatch">False</param>
<param name="maxSize">1</param>
</module>
<module name="AccountBar" layoutPanel="appHeader">
<param name="mode">lite</param>
</module>
<module name="LiteBar" layoutPanel="liteHeader"></module>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isVisible="False" isDashboard="False">
<label>Alert</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/page_with_flag.html" type="html" isDashboard="False" packageName="end-user-xp">
<label>Alerts</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view isDashboard="false" type="redirect" target="analytics_workspace">
<label>Analytics</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="splunk_metrics_workspace:/templates/base-page.html" type="html" isDashboard="false">
<label>Analytics</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/backuprestore.html" type="html">
<label>Backuprestore</label>
</view>

@ -1,3 +0,0 @@
<view template="builder.html" onunloadCancelJobs="False" type="redirect" target="search" isVisible="False" isDashboard="False">
<label>Advanced Charting</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0" ?>
<view template="trackme:/templates/base.html" type="html" isDashboard="False">
<label>Configuration</label>
</view>

@ -1,2 +0,0 @@
<?xml version="1.0"?>
<view template="splunk-dashboard-studio:/templates/dashboard.html" type="html" isDashboard="False"></view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Dashboards</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/system.html" type="html" isVisible="False" isDashboard="False">
<label>Data Model Editor</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view type="redirect" target="pivot" isDashboard="False">
<label>Datasets</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/system.html" type="html" isVisible="False" isDashboard="False">
<label>Data Model Manager</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view type="redirect" target="pivot" isDashboard="False">
<label>Datasets</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Dataset</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/page_with_flag.html" type="html" isDashboard="False" packageName="end-user-xp">
<label>Datasets</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="splunk-data-management:/templates/index.html" type="html" isDashboard="False">
<label>Data Management</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Field Extractor</label>
</view>

@ -1,5 +0,0 @@
<?xml version="1.0"?>
<view onunloadCancelJobs="False" autoCancelInterval="100" isDashboard="False" type="redirect" target="search">
<!-- autoCancelInterval is set here to 100 -->
<label>Search</label>
</view>

@ -1,254 +0,0 @@
<dashboard version="1.1" script="git_pusher.js">
<label>Git Pusher - Push Dashboards to Git</label>
<description>Push Splunk dashboards to Git repository</description>
<!-- Recherche cachée pour charger les dashboards -->
<search id="dsearch">
<query>| rest /services/data/ui/views | search title!="" | fields label, id, eai:acl.app | rename label as "Dashboard Name", id as "dashboard_id", "eai:acl.app" as "app" | sort "Dashboard Name"</query>
<earliest>-4h@h</earliest>
<latest>now</latest>
</search>
<row>
<panel>
<title>Configuration &amp; Dashboard Selection</title>
<html>
<style>
.git-container {
padding: 20px;
background-color: #f7f8fa;
border-radius: 4px;
margin: 10px 0;
}
.success-message {
padding: 10px;
background-color: #d4edda;
color: #155724;
border: 1px solid #c3e6cb;
border-radius: 4px;
margin: 10px 0;
display: none;
}
.error-message {
padding: 10px;
background-color: #f8d7da;
color: #721c24;
border: 1px solid #f5c6cb;
border-radius: 4px;
margin: 10px 0;
display: none;
}
.info-message {
padding: 10px;
background-color: #d1ecf1;
color: #0c5460;
border: 1px solid #bee5eb;
border-radius: 4px;
margin: 10px 0;
}
.form-group {
margin-bottom: 20px;
}
.form-group label {
display: block;
font-weight: bold;
margin-bottom: 5px;
}
.form-group input,
.form-group select,
.form-group textarea {
width: 100%;
padding: 8px;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
.form-group textarea {
resize: vertical;
min-height: 100px;
}
.button-group {
margin-top: 20px;
}
.btn {
padding: 10px 20px;
margin-right: 10px;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 14px;
font-weight: bold;
}
.btn-primary {
background-color: #007bff;
color: white;
}
.btn-primary:hover {
background-color: #0056b3;
}
.btn-secondary {
background-color: #6c757d;
color: white;
}
.btn-secondary:hover {
background-color: #545b62;
}
.btn:disabled {
opacity: 0.6;
cursor: not-allowed;
}
.loading {
display: none;
margin: 20px 0;
}
.spinner {
border: 4px solid #f3f3f3;
border-top: 4px solid #007bff;
border-radius: 50%;
width: 20px;
height: 20px;
animation: spin 1s linear infinite;
display: inline-block;
margin-right: 10px;
}
@keyframes spin {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
.dashboard-list {
border: 1px solid #ddd;
border-radius: 4px;
max-height: 400px;
overflow-y: auto;
padding: 10px;
}
.dashboard-item {
padding: 8px;
border-bottom: 1px solid #eee;
}
.dashboard-item:last-child {
border-bottom: none;
}
.dashboard-item input[type="checkbox"] {
margin-right: 10px;
}
.dashboard-item label {
margin: 0;
font-weight: normal;
cursor: pointer;
}
.dashboard-loading {
text-align: center;
padding: 20px;
color: #666;
}
.dashboard-empty {
text-align: center;
padding: 20px;
color: #999;
font-style: italic;
}
.select-all-group {
padding: 10px;
border-bottom: 2px solid #ddd;
background-color: #f9f9f9;
}
.select-all-group input[type="checkbox"] {
margin-right: 10px;
}
.select-all-group label {
margin: 0;
font-weight: bold;
cursor: pointer;
}
.app-badge {
display: inline-block;
background-color: #e7f3ff;
color: #0066cc;
padding: 2px 6px;
border-radius: 3px;
font-size: 11px;
margin-left: 8px;
}
</style>
<div class="git-container">
<div class="info-message">
Configure your Git settings and select the dashboards you want to push to your repository.
</div>
<div class="form-group">
<label for="git-url">Git Repository URL:</label>
<input type="text" id="git-url" placeholder="https://github.com/username/repo.git" />
</div>
<div class="form-group">
<label for="git-branch">Target Branch:</label>
<input type="text" id="git-branch" placeholder="main" value="main" />
</div>
<div class="form-group">
<label for="git-token">Git Token/Password:</label>
<input type="password" id="git-token" placeholder="Enter your Git token or password" />
</div>
<div class="form-group">
<label>Available Dashboards:</label>
<div class="dashboard-list" id="dashboard-list">
<div class="dashboard-loading">
<div class="spinner"></div>
<span>Loading dashboards...</span>
</div>
</div>
<small style="color: #666; margin-top: 5px; display: block;">Select one or more dashboards to push</small>
</div>
<div class="form-group">
<label for="commit-message">Commit Message:</label>
<textarea id="commit-message" placeholder="Describe your changes... e.g., 'Update sales dashboard with new metrics'"></textarea>
</div>
<div class="button-group">
<button class="btn btn-primary" id="push-btn" onclick="pushDashboards()">
Push to Git
</button>
<button class="btn btn-secondary" onclick="resetForm()">
Reset
</button>
</div>
<div class="loading" id="loading">
<div class="spinner"></div>
<span id="loading-text">Pushing dashboards to Git...</span>
</div>
<div class="success-message" id="success-msg">
<span id="success-text">Dashboards successfully pushed to Git!</span>
</div>
<div class="error-message" id="error-msg">
<span id="error-text">Error occurred while pushing dashboards</span>
</div>
</div>
</html>
</panel>
</row>
<row>
<panel>
<title>Push History</title>
<table>
<search>
<query>index=_internal source=*git_pusher* action=push_attempt | table _time, user, dashboards, commit_message, status, error_msg | reverse | rename _time as "Timestamp", user as "User", dashboards as "Dashboards", commit_message as "Message", status as "Status", error_msg as "Error" | head 20</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<format type="color" field="Status">
<colorPalette type="map">{"success": "#28a745", "error": "#dc3545", "pending": "#ffc107"}</colorPalette>
</format>
</table>
</panel>
</row>
</dashboard>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view isVisible="false" template="jobs.html" type="redirect" target="job_manager">
<label>Jobs</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/page_with_flag.html" type="html" isDashboard="False" packageName="end-user-xp">
<label>Job Manager</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="trackme:/templates/license.html" type="html">
<label>License</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Mod Setup</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Datasets</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isVisible="False" isDashboard="False">
<label>Report</label>
</view>

@ -1,3 +0,0 @@
<view isVisible="false" template="builder.html" displayView="report_builder_display" decomposeIntentions="true" isDashboard="False" type="redirect" target="search">
<label>Report Builder</label>
</view>

@ -1,3 +0,0 @@
<view isVisible="false" template="builder.html" isDashboard="False" type="redirect" target="report">
<label>Display Report</label>
</view>

@ -1,3 +0,0 @@
<view isVisible="false" template="builder.html" displayView="report_builder_display" onunloadCancelJobs="False" decomposeIntentions="true" isDashboard="False" type="redirect" target="search">
<label>Report Builder</label>
</view>

@ -1,3 +0,0 @@
<view isVisible="false" template="builder.html" isDashboard="False" type="redirect" target="report">
<label>Display Report</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/page_with_flag.html" type="html" isDashboard="False" packageName="end-user-xp">
<label>Reports</label>
</view>

File diff suppressed because one or more lines are too long

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/search.html" type="html" isDashboard="False">
<label>Search</label>
</view>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Show Source</label>
</view>

@ -1,389 +0,0 @@
<form version="1.1" isDashboard="False">
<label>Splunk Archiver</label>
<description>Splunk archiver overview</description>
<row>
<panel>
<table>
<title>Archive Summary By Index</title>
<search>
<query>index=_internal source=*splunk_archiver.log* finished | eval last_bucket_time=strftime(latest_bucket_time_secs, "%F %T %z")| eval transfered_mb=remote_bucket_bytes/1000000 | rename splunk_index AS "Splunk Index", virtual_index AS "Archive Index" | stats max(last_bucket_time) as "Latest Archive Bucket Time" sum(transfered_mb) as "Total Transfered MB" sum(buckets_copied) as "Total Buckets Copied" by "Splunk Index", "Archive Index"</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel>
<event>
<title>Archiving Errors in the Last Day</title>
<search>
<query>index=_internal source=*splunk_archiver.log* earliest=-1d | rex max_match=1000 "\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ -\d{4} (?&lt;severity&gt;\w+) " | where severity="ERROR"</query>
</search>
<option name="count">5</option>
<option name="list.drilldown">full</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
<fields>[]</fields>
</event>
</panel>
</row>
<row>
<panel>
<input type="time" token="field1" searchWhenChanged="true">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="splunk_idx1" searchWhenChanged="true">
<label>Select a splunk index:</label>
<prefix>splunk_index="</prefix>
<suffix>"</suffix>
<default>*</default>
<choice value="*">ALL</choice>
<search>
<query>index=_internal source=*splunk_archiver.log* committed | stats count by splunk_index</query>
<earliest>0</earliest>
<latest></latest>
</search>
<fieldForLabel>splunk_index</fieldForLabel>
<fieldForValue>splunk_index</fieldForValue>
</input>
<chart>
<title>Buckets Copied</title>
<search>
<query>index=_internal source=*splunk_archiver.log* committed $splunk_idx1$ | timechart count by splunk_index</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="list.drilldown">full</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
<fields>["host","source","sourcetype"]</fields>
</chart>
</panel>
</row>
<row>
<panel>
<input type="time" token="field2" searchWhenChanged="true">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="splunk_idx2" searchWhenChanged="true">
<label>Select a splunk index:</label>
<prefix>splunk_index="</prefix>
<suffix>"</suffix>
<default>*</default>
<choice value="*">ALL</choice>
<search>
<query>index=_internal source=*splunk_archiver.log* committed | stats count by splunk_index</query>
<earliest>0</earliest>
<latest></latest>
</search>
<fieldForLabel>splunk_index</fieldForLabel>
<fieldForValue>splunk_index</fieldForValue>
</input>
<chart>
<title>Total MB Transferred</title>
<search>
<query>index=_internal source=*splunk_archiver.log* committed "$splunk_idx2$" | eval mb = remote_bucket_bytes/1000000 | timechart sum(mb) by splunk_index</query>
<earliest>$field2.earliest$</earliest>
<latest>$field2.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
</chart>
</panel>
</row>
<row>
<panel>
<input type="time" token="field4">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<table>
<title>Buckets Update</title>
<search>
<query>index=_internal source=*splunk_archiver.log* committed | rename bucket_name AS "Archived Bucket", splunk_index AS "Splunk Index" | eval mb=round(remote_bucket_bytes/1000000,2) | stats sum(mb) as "Archived Bucket MB" by "Splunk Index", "Archived Bucket"</query>
<earliest>$field4.earliest$</earliest>
<latest>$field4.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel>
<input type="time" token="field3">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<chart>
<title>Errors</title>
<search>
<query>index=_internal source=*splunk_archiver.log* | rex max_match=1000 "\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ -\d{4} (?&lt;severity&gt;\w+) " | where severity="ERROR" | timechart count AS errors</query>
<earliest>$field3.earliest$</earliest>
<latest>$field3.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Archiving via coldToFrozen</title>
<input type="time" token="field3" searchWhenChanged="true">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="splunk_idx3" searchWhenChanged="true">
<label>Select a splunk index:</label>
<prefix>splunk_index="</prefix>
<suffix>"</suffix>
<default>*</default>
<choice value="*">ALL</choice>
<search>
<query>index=_internal source=*splunk_archiver.log* report: buckets_to_freeze_remaining_count buckets_to_freeze_deleted | stats count by splunk_index</query>
<earliest>0</earliest>
<latest></latest>
</search>
<fieldForLabel>splunk_index</fieldForLabel>
<fieldForValue>splunk_index</fieldForValue>
</input>
<chart>
<title>Archives via coldToFrozen by index</title>
<search>
<query>index=_internal source=*splunk_archiver.log* buckets_to_freeze_remaining_count buckets_to_freeze_deleted report: $splunk_idx3$ | timechart sum(buckets_to_freeze_remaining_count) as "Buckets to freeze", sum(buckets_to_freeze_deleted) as "Buckets frozen" by splunk_index</query>
<earliest>$field3.earliest$</earliest>
<latest>$field3.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
</chart>
<chart>
<title>MB transfered via coldToFrozen by index</title>
<search>
<query>index=_internal source=*splunk_archiver.log* buckets_to_freeze_size_bytes buckets_to_freeze_deleted_size_bytes report: $splunk_idx3$ | timechart sum(buckets_to_freeze_size_bytes) as "to_freeze", sum(buckets_to_freeze_deleted_size_bytes) as "frozen", by splunk_index | eval "to_freeze_mb"=to_freeze/1000000 | eval frozen_mb=frozen/1000000 | rename to_freeze_mb AS "Remaning diskspace to free (MB)", frozen_mb AS "Frozen transfered (MB)", splunk_index AS "Splunk index" | fields - to_freeze, frozen</query>
<earliest>$field3.earliest$</earliest>
<latest>$field3.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Archiving by host</title>
<input type="time" token="time_field5">
<label>Select a time range:</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<chart>
<title>Time spent by host</title>
<search>
<query>index=_internal source=*splunk_archiver.log* Report: | eval secs = total_elapsed_ms/1000 | timechart sum(secs) as "Seconds spent archiving" by host</query>
<earliest>$time_field5.earliest$</earliest>
<latest>$time_field5.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.axisTitleY.text">Seconds</option>
</chart>
<chart>
<title>Data transferred by host</title>
<search>
<query>index=_internal source=*splunk_archiver.log* Report: | eval mb = remote_bucket_bytes/1000000 | timechart sum(mb) as "Data transferred" by host</query>
<earliest>$time_field5.earliest$</earliest>
<latest>$time_field5.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisY2.enabled">false</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.axisTitleY.text">MB</option>
</chart>
</panel>
</row>
</form>

@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/app.html" type="html" isDashboard="False">
<label>Table</label>
</view>

@ -1,446 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Adaptive delay threshold audit (global audit)</label>
<description>This dashboards audits the activity and behaviour of the adaptive delay thresholding for TrackMe feeds components</description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "index=_internal sourcetype=trackme:custom_commands:trackmesplkadaptivedelay tenant_id=$tk_tenant$ component=$tk_component$\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| table _time, log_level, command, _raw\n| sort - _time",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "loggging_events"
},
"ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "index=_internal sourcetype=trackme:custom_commands:trackmesplkadaptivedelay tenant_id=$tk_tenant$ component=$tk_component$\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| timechart count minspan=5m count limit=0 by log_level",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "events_by_log_level"
},
"ds_yHwHGBpa": {
"type": "ds.search",
"options": {
"query": "| inputlookup trackme_virtual_tenants | eval keyid=_key\n| where tenant_status=\"enabled\" AND (tenant_dsm_enabled=1 OR tenant_dhm_enabled=1) AND tenant_replica=0\n| stats count by tenant_id\n| sort 0 tenant_id",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"name": "populate_tenants"
},
"ds_diTMqSWx": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, comment\n| sort - 0 _time | trackmeprettyjson fields=comment",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "audit_adaptive_table"
},
"ds_o8rZrPBE_ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, change_type, comment\n| sort - 0 _time | trackmeprettyjson fields=comment\n| spath input=comment\n| rename results.adaptive_delay as adaptive_delay\n| timechart minspan=1m useother=f limit=40 first(adaptive_delay) as adaptive_delay by object",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "overtime_adaptive_actions"
}
},
"visualizations": {
"viz_table_1": {
"type": "splunk.table",
"options": {
"columnFormat": {
"log_level": {
"data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)"
}
},
"count": 100
},
"context": {
"log_levelColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"log_levelRowColorsEditorConfig": [
{
"match": "WARNING",
"value": "#DD9900"
},
{
"match": "INFO",
"value": "#00CDAF"
},
{
"match": "ERROR",
"value": "#FF677B"
},
{
"match": "DEBUG",
"value": "#009CEB"
}
]
},
"dataSources": {
"primary": "ds_search_1"
},
"title": "Logging:",
"description": "This shows logged events from the adaptive delay threshold backend"
},
"viz_dtUfQMrD": {
"type": "splunk.column",
"options": {
"stackMode": "stacked",
"seriesColorsByField": "{\"ERROR\": \"#FF677B\", \"WARNING\": \"#DD9900\", \"INFO\": \"#00CDAF\", \"DEBUG\": \"#009CEB\"}"
},
"dataSources": {
"primary": "ds_UpugjNjy"
},
"title": "Logging: events by logging level over time",
"description": "This shows events over time shown by their logging level"
},
"viz_NmxZjn2m": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_QmsYbcgT": {
"type": "splunk.table",
"options": {
"columnFormat": {
"action": {
"data": "> table | seriesByName(\"action\") | formatByType(actionColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"action\") | matchValue(actionRowColorsEditorConfig)"
},
"comment": {
"data": "> table | seriesByName(\"comment\") | formatByType(commentColumnFormatEditorConfig)"
}
},
"count": 100
},
"context": {
"actionColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"actionRowColorsEditorConfig": [
{
"match": "WARNING",
"value": "#DD9900"
},
{
"match": "success",
"value": "#00CDAF"
},
{
"match": "failure",
"value": "#FF677B"
},
{
"match": "DEBUG",
"value": "#009CEB"
}
],
"commentColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
}
},
"dataSources": {
"primary": "ds_diTMqSWx"
},
"title": "Adaptive delay threshold audit update traces"
},
"viz_WWQmnNzo": {
"type": "splunk.column",
"dataSources": {
"primary": "ds_o8rZrPBE_ds_UpugjNjy"
},
"title": "Adaptive response actions by object",
"description": "This shows actions performed by the adaptive delay backend and the threshold value defined",
"options": {
"dataValuesDisplay": "all",
"xAxisTitleVisibility": "hide",
"yAxisTitleText": "Threshold seconds"
}
},
"viz_2O9rRdJE": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive Delay Thresholding in TrackMe\n## Behavior:\n- The adaptive threshold tracker monitors the status of feed entities currently in alert due to delay threshold breach (anomaly_reason=delay_threshold_breached). \n- This tracker invokes the command *trackmesplkadaptivedelay* for entities matching specific conditions, which then investigates historical metrics collected by TrackMe.\n\n## Dynamic Threshold Logic Attribution:\n\nAs a basis, TrackMe automatically runs the following mstats search (over 90 days of metrics):\n\n```\n| mstats latest(trackme.splk.feeds.lag_event_sec) as lag_event_sec where `trackme_metrics_idx(mytenant)` tenant_id=\"mytenant\" object_category=\"splk-dsm\" object=\"myobject\" OR object=\"myobject2\" by tenant_id, object_category, object span=5m\n| stats perc95(lag_event_sec) as perc95_lag_event_sec, max(lag_event_sec) as max_lag_event_sec by object\n| foreach *lag_event_sec [ eval <<FIELD>> = round('<<FIELD>>', 0) ]\n| eval perc95_days_unit = perc95_lag_event_sec/86400, perc95_duration = tostring(perc95_lag_event_sec, \"duration\")\n| lookup trackme_dsm_tenant_01-feeds object OUTPUT data_last_lag_seen as current_lag_event_sec\n| where current_lag_event_sec>7200\n| eval diff_perc95 = max_lag_event_sec-perc95_lag_event_sec, diff_duration=tostring(diff_perc95, \"duration\"), diff_proportion=round(diff_perc95/perc95_lag_event_sec*100, 2)\n| where diff_proportion<25\n| eval adaptive_delay = round(max_lag_event_sec/3600, 0) * 3600, adaptive_delay_duration = tostring(adaptive_delay, \"duration\")\n```\n\nTrackMe later on reviews previously updated entities using more sophisticated variations of this logic.\n\n### Further logic and previously processed review:\n\n- TrackMe reviews previously updated entities automatically.\n- Entities updated since less than 4 hours are temporarily ignored.\n- Entities updated since more than 4 hours and within the 24 hours and where the treshold was increased are reviewed for further update.\n- 
Beyond these conditions, entities updated since the past 7 days are reviewed and updated depending on the conditions.\n\n### Key Tracker Level Arguments: \n\n#### min_delay_sec\n\n- This defines the minimum delay value in seconds for entities to be considered (2 hours by default).\n\n#### max_auto_delay_sec\n\n- This defines the maximal delay value that the adaptive backend can set, if the automated delay calculation go beyond it, this value will be used instead, expressed in seconds.\n\n#### max_changes_past_7days\n\n- This defines the maximal number of changes that can be performed in a 7 days time frame, once reached we will not update this entity again until the counter is reset.\n\n#### min_historical_metrics_days\n\n- The minimal number of accumulated days of metrics before we start updating the delay threshold, expressed in days.\n\n#### review_period_no_days\n\n- The relative time period for review. When entities were updated, TrackMe will review over time the behaviour and eventually adapt the threshold to take into accoount new patterns, expressed in number of days, valid options: 7, 15, 30.\n\n### Updating Delay Thresholds Automatically:\n\n- After performing these investigations, the command updates the delay threshold value for selected entities, and generates an audit record with corresponding results (context: automated adaptive delay update).\n- Audit messages can be found with the following search:\n\n*Example:*\n\n```\n`trackme_audit_idx` tenant_id=* \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, comment\n| sort - 0 _time | trackmeprettyjson fields=comment\n```\n\nActivity log traces can be found in:\n\n```\nindex=_internal sourcetype=trackme:custom_commands:trackmesplkadaptivedelay\n```\n\n### Preventing an Entity from Being Automatically Managed\n\n- Via the UI, you can set the value of ``allow_adaptive_delay`` to False, which prevents TrackMe from automatically updating the delay threshold for a 
given entity."
}
},
"viz_NUqP7Fjk": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
},
"viz_XMHDnORn": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
},
"viz_IuV33TS1": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive threshold audit traces"
}
},
"viz_IiBC8GdB": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive threshold logging traces"
}
},
"viz_eCsTg4eC": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Global Time Range:"
},
"input_kquudf7q": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_tenant"
},
"title": "Tenant:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_yHwHGBpa"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_xdlNmvhR": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "splk-dsm",
"value": "splk-dsm"
},
{
"label": "splk-dhm",
"value": "splk-dhm"
}
],
"defaultValue": "*",
"token": "tk_component"
},
"title": "Component:",
"type": "input.dropdown"
}
},
"layout": {
"type": "absolute",
"options": {
"display": "auto-scale",
"width": 1330,
"height": 3400
},
"structure": [
{
"item": "viz_table_1",
"type": "block",
"position": {
"x": 10,
"y": 2760,
"w": 1310,
"h": 600
}
},
{
"item": "viz_dtUfQMrD",
"type": "block",
"position": {
"x": 10,
"y": 2320,
"w": 1310,
"h": 430
}
},
{
"item": "viz_NmxZjn2m",
"type": "block",
"position": {
"x": 1190,
"y": -90,
"w": 120,
"h": 300
}
},
{
"item": "viz_QmsYbcgT",
"type": "block",
"position": {
"x": 10,
"y": 1490,
"w": 1310,
"h": 720
}
},
{
"item": "viz_WWQmnNzo",
"type": "block",
"position": {
"x": 10,
"y": 1040,
"w": 1310,
"h": 430
}
},
{
"item": "viz_2O9rRdJE",
"type": "block",
"position": {
"x": 10,
"y": 30,
"w": 1310,
"h": 920
}
},
{
"item": "viz_NUqP7Fjk",
"type": "line",
"position": {
"from": {
"x": 7,
"y": 16
},
"to": {
"x": 1323,
"y": 15
}
}
},
{
"item": "viz_XMHDnORn",
"type": "line",
"position": {
"from": {
"x": 9,
"y": 968
},
"to": {
"x": 1322,
"y": 968
}
}
},
{
"item": "viz_IuV33TS1",
"type": "block",
"position": {
"x": 10,
"y": 980,
"w": 510,
"h": 40
}
},
{
"item": "viz_IiBC8GdB",
"type": "block",
"position": {
"x": 10,
"y": 2260,
"w": 510,
"h": 40
}
},
{
"item": "viz_eCsTg4eC",
"type": "line",
"position": {
"from": {
"x": 10,
"y": 2246
},
"to": {
"x": 1325,
"y": 2245
}
}
}
],
"globalInputs": [
"input_global_trp",
"input_kquudf7q",
"input_xdlNmvhR"
]
},
"title": "TrackMe - Adaptive delay threshold audit (global audit)",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "This dashboards audits the activity and behaviour of the adaptive delay thresholding for TrackMe feeds components"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,531 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Adaptive delay threshold audit (adjustments audit)</label>
<description>This dashboards audits the activity and behaviour of the adaptive delay thresholding for TrackMe feeds components, focusing on the adjustments made by TrackMe</description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ object=\"*$tk_object$*\" \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, change_type, comment, object_attrs\n| sort - 0 _time \n| trackmeprettyjson fields=comment \n| spath input=comment\n| trackmeprettyjson fields=object_attrs\n| spath input=object_attrs \n| rename results.adaptive_delay as adaptive_delay results.current_max_lag_event_sec as max_lag_event_sec\n| $tk_threshold_direction$\n| eval adaptive_delay=(adaptive_delay/3600) \n| eval max_lag_event_sec=(max_lag_event_sec/3600) \n| eval diff=(adaptive_delay-max_lag_event_sec) \n| eval direction=case(diff<=0.0, \"Threshold Lowered\", diff>=0.1, \"Threshold Raised\")\n| eval object=mvdedup(object)\n| eval time=strftime(_time, \"%c\")\n| table time object data_index data_sourcetype max_lag_event_sec adaptive_delay diff direction \n| rename max_lag_event_sec as \"Previous Threshold\" adaptive_delay as \"New Threshold\" diff as \"Adjustment\" direction as \"Status\" data_index as \"Index\" data_sourcetype as \"Sourcetype\"",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "adjustments_table"
},
"ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "index=_internal sourcetype=trackme:custom_commands:trackmesplkadaptivedelay tenant_id=$tk_tenant$ component=$tk_component$\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| timechart count minspan=5m count limit=0 by log_level",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "events_by_log_level"
},
"ds_yHwHGBpa": {
"type": "ds.search",
"options": {
"query": "| inputlookup trackme_virtual_tenants | eval keyid=_key\n| where tenant_status=\"enabled\" AND (tenant_dsm_enabled=1 OR tenant_dhm_enabled=1) AND tenant_replica=0\n| stats count by tenant_id\n| sort 0 tenant_id",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"name": "populate_tenants"
},
"ds_diTMqSWx": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, comment\n| sort - 0 _time | trackmeprettyjson fields=comment",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "audit_adaptive_table"
},
"ds_o8rZrPBE_ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ object=\"*$tk_object$*\" \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, change_type, comment\n| sort - 0 _time | trackmeprettyjson fields=comment\n| spath input=comment\n| rename results.adaptive_delay as adaptive_delay, results.current_max_lag_event_sec as max_lag_event_sec\n| $tk_threshold_direction$\n| eval adaptive_delay=(adaptive_delay/3600)\n| timechart span=1h useother=f limit=40 latest(adaptive_delay) as adaptive_delay by object",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "overtime_threshold_definitions"
},
"ds_5CWZWtVu_ds_o8rZrPBE_ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ object=\"*$tk_object$*\" \"automated adaptive delay update\"\n| table _time, tenant_id, object_category, object, action, change_type, comment\n| sort - 0 _time | trackmeprettyjson fields=comment\n| spath input=comment\n| rename results.adaptive_delay as adaptive_delay results.current_max_lag_event_sec as max_lag_event_sec\n| $tk_threshold_direction$\n| eval adaptive_delay=(adaptive_delay/3600)\n| eval max_lag_event_sec=(max_lag_event_sec/3600)\n| eval diff=(adaptive_delay-max_lag_event_sec)\n| eval direction=case(diff<=0.0, \"Lowered Threshold\", diff>=0.1, \"Raised Threshold\")\n| table _time object max_lag_event_sec adaptive_delay diff direction\n| timechart span=1h useother=f limit=40 last(diff) by object",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "overtime_threshold_adjustments"
},
"ds_38boaB5k": {
"type": "ds.search",
"options": {
"query": "`trackme_audit_idx` tenant_id=$tk_tenant$ object_category=$tk_component$ \"automated adaptive delay update\"\n| stats count by object \n| fields object\n| sort 10000 object ",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "populate_objects"
}
},
"visualizations": {
"viz_table_1": {
"type": "splunk.table",
"options": {
"columnFormat": {
"log_level": {
"data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)"
},
"Status": {
"data": "> table | seriesByName(\"Status\") | formatByType(StatusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName('Status') | pick(StatusRowColorsEditorConfig)",
"rowBackgroundColors": "> table | seriesByName(\"Status\") | matchValue(StatusRowBackgroundColorsEditorConfig)"
},
"Adjustment": {
"data": "> table | seriesByName(\"Adjustment\") | formatByType(AdjustmentColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName('Adjustment') | pick(AdjustmentRowColorsEditorConfig)",
"rowBackgroundColors": "> table | seriesByName(\"Adjustment\") | rangeValue(AdjustmentRowBackgroundColorsEditorConfig)"
},
"Index": {
"data": "> table | seriesByName(\"Index\") | formatByType(IndexColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName('Index') | pick(IndexRowColorsEditorConfig)",
"rowBackgroundColors": "> table | seriesByName(\"Index\") | matchValue(IndexRowBackgroundColorsEditorConfig)"
}
},
"count": 100
},
"context": {
"log_levelColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"log_levelRowColorsEditorConfig": [
{
"match": "WARNING",
"value": "#DD9900"
},
{
"match": "INFO",
"value": "#00CDAF"
},
{
"match": "ERROR",
"value": "#FF677B"
},
{
"match": "DEBUG",
"value": "#009CEB"
}
],
"StatusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"StatusRowColorsEditorConfig": [
"#ffffff"
],
"StatusRowBackgroundColorsEditorConfig": [
{
"match": "Threshold Lowered",
"value": "#45d4ba"
},
{
"match": "Threshold Raised",
"value": "#e85b79"
}
],
"AdjustmentColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after",
"unit": "Hours"
}
},
"AdjustmentRowColorsEditorConfig": [
"#ffffff"
],
"AdjustmentRowBackgroundColorsEditorConfig": [
{
"value": "#45d4ba",
"to": 0
},
{
"value": "#e85b79",
"from": 0
}
],
"IndexColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"IndexRowColorsEditorConfig": [
"#ffffff"
],
"IndexRowBackgroundColorsEditorConfig": [
{
"match": "",
"value": "#5C33FF"
}
]
},
"dataSources": {
"primary": "ds_search_1"
},
"title": "Delay threshold adjustment summary table",
"description": "This shows on a per object basis the delay treshold adjustments"
},
"viz_NmxZjn2m": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_WWQmnNzo": {
"type": "splunk.column",
"dataSources": {
"primary": "ds_o8rZrPBE_ds_UpugjNjy"
},
"title": "Thesholds values defined over time",
"description": "This chart shows the values in hours defined by the adaptive threshold backend",
"options": {
"dataValuesDisplay": "all",
"xAxisTitleVisibility": "hide",
"yAxisTitleText": "Threshold (hours)"
}
},
"viz_XMHDnORn": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
},
"viz_IuV33TS1": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive threshold - Values affection"
}
},
"viz_IiBC8GdB": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive threshold - Per object adjustments table"
}
},
"viz_eCsTg4eC": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
},
"viz_kO1eWbMD": {
"type": "abslayout.line",
"options": {
"strokeDasharray": 4
}
},
"viz_sXg5MxlA": {
"type": "splunk.markdown",
"options": {
"markdown": "# Adaptive threshold - Adjustments"
}
},
"viz_xvoBZnIV": {
"type": "splunk.column",
"dataSources": {
"primary": "ds_5CWZWtVu_ds_o8rZrPBE_ds_UpugjNjy"
},
"title": "Thesholds values variations over time (increase or decrease)",
"description": "This chart shows the variation of the threshold adjustments (in hours)",
"options": {
"dataValuesDisplay": "all",
"xAxisTitleVisibility": "hide",
"yAxisTitleText": "Threshold (hours)"
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Global Time Range:"
},
"input_kquudf7q": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_tenant"
},
"title": "Tenant:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_yHwHGBpa"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_xdlNmvhR": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "splk-dsm",
"value": "splk-dsm"
},
{
"label": "splk-dhm",
"value": "splk-dhm"
}
],
"defaultValue": "*",
"token": "tk_component"
},
"title": "Component:",
"type": "input.dropdown"
},
"input_RmMD0viP": {
"options": {
"items": [
{
"label": "All",
"value": "search adaptive_delay=*"
},
{
"label": "Threshold Raised",
"value": "where adaptive_delay > max_lag_event_sec"
},
{
"label": "Threshold Lowered",
"value": "where adaptive_delay < max_lag_event_sec"
}
],
"defaultValue": "search adaptive_delay=*",
"token": "tk_threshold_direction"
},
"title": "Threshold Movement:",
"type": "input.dropdown"
},
"input_eoNRWtyI": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_object"
},
"title": "Object:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_38boaB5k"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"object\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"object\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
}
},
"layout": {
"type": "absolute",
"options": {
"display": "auto-scale",
"width": 2660,
"height": 1650
},
"structure": [
{
"item": "viz_table_1",
"type": "block",
"position": {
"x": 10,
"y": 710,
"w": 2638,
"h": 900
}
},
{
"item": "viz_NmxZjn2m",
"type": "block",
"position": {
"x": 2530,
"y": -90,
"w": 120,
"h": 300
}
},
{
"item": "viz_WWQmnNzo",
"type": "block",
"position": {
"x": 10,
"y": 170,
"w": 1310,
"h": 430
}
},
{
"item": "viz_XMHDnORn",
"type": "line",
"position": {
"from": {
"x": 12,
"y": 107
},
"to": {
"x": 1325,
"y": 107
}
}
},
{
"item": "viz_IuV33TS1",
"type": "block",
"position": {
"x": 10,
"y": 120,
"w": 510,
"h": 40
}
},
{
"item": "viz_IiBC8GdB",
"type": "block",
"position": {
"x": 10,
"y": 660,
"w": 650,
"h": 40
}
},
{
"item": "viz_eCsTg4eC",
"type": "line",
"position": {
"from": {
"x": 16,
"y": 637
},
"to": {
"x": 2643,
"y": 633
}
}
},
{
"item": "viz_kO1eWbMD",
"type": "line",
"position": {
"from": {
"x": 1336,
"y": 107
},
"to": {
"x": 2649,
"y": 107
}
}
},
{
"item": "viz_sXg5MxlA",
"type": "block",
"position": {
"x": 1350,
"y": 120,
"w": 510,
"h": 40
}
},
{
"item": "viz_xvoBZnIV",
"type": "block",
"position": {
"x": 1340,
"y": 170,
"w": 1310,
"h": 430
}
}
],
"globalInputs": [
"input_global_trp",
"input_kquudf7q",
"input_xdlNmvhR",
"input_RmMD0viP",
"input_eoNRWtyI"
]
},
"title": "TrackMe - Adaptive delay threshold audit (adjustments audit)",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "This dashboards audits the activity and behaviour of the adaptive delay thresholding for TrackMe feeds components, focusing on the adjustments made by TrackMe"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,659 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Data sampling and events formats recognition audit</label>
<description>This auditing dashboard investigates the Data sampling feature results for the splk-dsm component</description>
<definition><![CDATA[
{
"title": "TrackMe - Data sampling and events formats recognition audit",
"description": "This auditing dashboard investigates the Data sampling feature results for the splk-dsm component",
"inputs": {
"input_TgtFblSG": {
"dataSources": {
"primary": "ds_Pw0K27lq"
},
"options": {
"defaultValue": "*",
"items": [
{
"label": "All",
"value": "*"
}
],
"token": "tk_object"
},
"title": "Objects:",
"type": "input.dropdown"
},
"input_global_trp": {
"options": {
"defaultValue": "-24h@h,now",
"token": "global_time"
},
"title": "Period:",
"type": "input.timerange"
},
"input_uHIQHlyb": {
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"statics": [],
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
},
"dataSources": {
"primary": "ds_Mg04DNO6"
},
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"token": "tk_tenant_id"
},
"title": "tenant_id:",
"type": "input.dropdown"
},
"input_oTEsZboP": {
"options": {
"items": [
{
"label": "Any",
"value": "*"
},
{
"label": "Red",
"value": "red"
},
{
"label": "Orange",
"value": "orange"
},
{
"label": "Green",
"value": "green"
}
],
"defaultValue": "*",
"token": "tk_table_state"
},
"title": "Filter table state:",
"type": "input.dropdown"
}
},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
}
}
}
},
"visualizations": {
"viz_0VdLX51C": {
"context": {
"log_levelColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"log_levelRowColorsEditorConfig": [
{
"match": "WARN",
"value": "#ad3f20"
},
{
"match": "INFO",
"value": "#207865"
},
{
"match": "ERROR",
"value": "#78062a"
},
{
"match": "DEBUG",
"value": "#003E80"
}
]
},
"dataSources": {
"primary": "ds_UUNZ1UyX"
},
"description": "The Data Sampling relies on the executor command, which logs its activity in the _internal index",
"options": {
"columnFormat": {
"log_level": {
"data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)"
}
}
},
"title": "Data Sampling executor traces",
"type": "splunk.table"
},
"viz_1KpygY1l": {
"dataSources": {
"primary": "ds_5DyDRYLq"
},
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue",
"context": {
"majorColorEditorConfig": [
{
"value": "#e85b79",
"to": 1
},
{
"value": "#e85b79",
"from": 1
}
]
}
},
"viz_29HlXL59": {
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
},
"type": "splunk.image"
},
"viz_NrwggSYV": {
"dataSources": {
"primary": "ds_bR5fXLDt"
},
"description": "",
"options": {
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue"
},
"viz_QUYYEwXs": {
"options": {
"markdown": "count red"
},
"type": "splunk.markdown"
},
"viz_QpszSdhB": {
"options": {
"markdown": "count green"
},
"type": "splunk.markdown"
},
"viz_RLPXFcGI": {
"dataSources": {
"primary": "ds_XY84LN0B"
},
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue",
"context": {
"majorColorEditorConfig": [
{
"value": "#45d4ba",
"to": 1
},
{
"value": "#45d4ba",
"from": 1
}
]
}
},
"viz_SSK3aVIG": {
"options": {
"markdown": "count orange"
},
"type": "splunk.markdown"
},
"viz_a1weqXVe": {
"options": {
"markdown": "Number of objects in the sampling collection"
},
"type": "splunk.markdown"
},
"viz_bkulEsvV": {
"dataSources": {
"primary": "ds_DgZ9kw8T"
},
"description": "",
"options": {
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue"
},
"viz_cBYvB8Yy": {
"dataSources": {
"primary": "ds_lj3w1XsH"
},
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue",
"context": {
"majorColorEditorConfig": [
{
"value": "#fb865c",
"to": 1
},
{
"value": "#fb865c",
"from": 1
}
]
}
},
"viz_dJ5VhJet": {
"options": {
"markdown": "Number of objects with Sampling disabled"
},
"type": "splunk.markdown"
},
"viz_dOpjvgGS": {
"dataSources": {
"primary": "ds_K19CzomZ"
},
"description": "",
"options": {
"backgroundColor": "transparent"
},
"type": "splunk.singlevalue"
},
"viz_kkzyyTTf": {
"context": {
"data_sample_anomaly_reasonColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"data_sample_anomaly_reasonRowColorsEditorConfig": [
{
"match": "normal",
"value": "#45d4ba"
}
],
"data_sample_featureColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"data_sample_featureRowColorsEditorConfig": [
{
"match": "disabled",
"value": "#555555"
},
{
"match": "enabled",
"value": "#207865"
}
],
"data_sample_status_colourColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"data_sample_status_colourRowColorsEditorConfig": [
{
"match": "green",
"value": "#45d4ba"
},
{
"match": "red",
"value": "#e85b79"
},
{
"match": "orange",
"value": "#fb865c"
}
]
},
"dataSources": {
"primary": "ds_GmbiRmaY"
},
"description": "Consolatited view - This table shows the consolidated status of the Data Sampling feature per entity",
"eventHandlers": [],
"options": {
"columnFormat": {
"data_sample_anomaly_reason": {
"data": "> table | seriesByName(\"data_sample_anomaly_reason\") | formatByType(data_sample_anomaly_reasonColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"data_sample_anomaly_reason\") | matchValue(data_sample_anomaly_reasonRowColorsEditorConfig)"
},
"data_sample_feature": {
"data": "> table | seriesByName(\"data_sample_feature\") | formatByType(data_sample_featureColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"data_sample_feature\") | matchValue(data_sample_featureRowColorsEditorConfig)"
},
"data_sample_status_colour": {
"data": "> table | seriesByName(\"data_sample_status_colour\") | formatByType(data_sample_status_colourColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"data_sample_status_colour\") | matchValue(data_sample_status_colourRowColorsEditorConfig)"
},
"object": {
"width": 450
},
"object_category": {
"width": 150
}
},
"count": 50
},
"title": "Data Sampling overview",
"type": "splunk.table"
},
"viz_sQRatSih": {
"options": {
"markdown": "Number of objects with Sampling enabled"
},
"type": "splunk.markdown"
}
},
"dataSources": {
"ds_0iOI8jft": {
"name": "count_by_status",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| where data_sample_feature=\"enabled\"\n| stats count(eval(data_sample_status_colour==\"green\")) as count_green, count(eval(data_sample_status_colour==\"orange\")) as count_orange, count(eval(data_sample_status_colour==\"red\")) as count_red"
},
"type": "ds.search"
},
"ds_5DyDRYLq": {
"name": "count_red",
"options": {
"extend": "ds_0iOI8jft",
"query": "fields count_red"
},
"type": "ds.chain"
},
"ds_8GZdWK3Q": {
"name": "no_red_state",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| where data_sample_status_colour=\"red\"\n| stats dc(object) as dcount"
},
"type": "ds.search"
},
"ds_DgZ9kw8T": {
"name": "no_sampling_disabled",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| where data_sample_feature=\"disabled\"\n| stats dc(object) as dcount"
},
"type": "ds.search"
},
"ds_GmbiRmaY": {
"name": "table_sampling",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| table object, data_sample_mtime, data_sample_feature, data_sample_status_colour, data_sample_anomaly_reason, current_detected_format, current_detected_format_dcount\n| sort 0 - data_sample_mtime\n| eval data_sample_mtime=strftime(data_sample_mtime, \"%c\")\n| search object=\"$tk_object$\"\n| search data_sample_status_colour=\"$tk_table_state$\"",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"type": "ds.search"
},
"ds_K19CzomZ": {
"name": "no_objects",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| stats dc(object) as dcount"
},
"type": "ds.search"
},
"ds_Mg04DNO6": {
"name": "populate_tenants",
"options": {
"query": "| trackmeload mode=expanded | table _raw | spath | fields - _raw | fillnull tenant_replica | search tenant_dsm_enabled=1 AND tenant_replica!=1 | table tenant_id \n| sort 0 tenant_id",
"queryParameters": {
"earliest": "-24h@h",
"latest": "now"
}
},
"type": "ds.search"
},
"ds_Pw0K27lq": {
"name": "populate_objects",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$\n| stats c by object \n| table object \n| sort 0 object",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"type": "ds.search"
},
"ds_UUNZ1UyX": {
"name": "executor_traces",
"options": {
"query": "index=_internal sourcetype=trackme:custom_commands:trackmesamplingexecutor tenant_id=\"$tk_tenant_id$\"\n| sort - _time\n| eval time=strftime(_time, \"%c\")\n| table time, log_level, _raw",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"type": "ds.search"
},
"ds_XY84LN0B": {
"name": "count_green",
"options": {
"extend": "ds_0iOI8jft",
"query": "fields count_green"
},
"type": "ds.chain"
},
"ds_bR5fXLDt": {
"name": "no_sampling_enabled",
"options": {
"query": "| inputlookup trackme_dsm_data_sampling_tenant_$tk_tenant_id$ \n| eval key=_key | fields - raw_sample\n| lookup trackme_dsm_tenant_$tk_tenant_id$ object OUTPUT monitored_state\n| where monitored_state=\"enabled\"\n| where data_sample_feature=\"enabled\"\n| stats dc(object) as dcount"
},
"type": "ds.search"
},
"ds_lj3w1XsH": {
"name": "count_orange",
"options": {
"extend": "ds_0iOI8jft",
"query": "fields count_orange"
},
"type": "ds.chain"
}
},
"layout": {
"globalInputs": [
"input_global_trp",
"input_uHIQHlyb",
"input_TgtFblSG",
"input_oTEsZboP"
],
"layoutDefinitions": {
"layout_1": {
"options": {
"height": 1650,
"width": 2660
},
"structure": [
{
"item": "viz_29HlXL59",
"position": {
"h": 60,
"w": 120,
"x": 2530,
"y": 40
},
"type": "block"
},
{
"item": "viz_kkzyyTTf",
"position": {
"h": 1130,
"w": 2660,
"x": 0,
"y": 160
},
"type": "block"
},
{
"item": "viz_dOpjvgGS",
"position": {
"h": 90,
"w": 170,
"x": 130,
"y": 20
},
"type": "block"
},
{
"item": "viz_a1weqXVe",
"position": {
"h": 50,
"w": 300,
"x": 70,
"y": 100
},
"type": "block"
},
{
"item": "viz_bkulEsvV",
"position": {
"h": 90,
"w": 170,
"x": 560,
"y": 20
},
"type": "block"
},
{
"item": "viz_dJ5VhJet",
"position": {
"h": 50,
"w": 300,
"x": 510,
"y": 100
},
"type": "block"
},
{
"item": "viz_NrwggSYV",
"position": {
"h": 90,
"w": 170,
"x": 1030,
"y": 20
},
"type": "block"
},
{
"item": "viz_sQRatSih",
"position": {
"h": 50,
"w": 300,
"x": 970,
"y": 100
},
"type": "block"
},
{
"item": "viz_RLPXFcGI",
"position": {
"h": 90,
"w": 170,
"x": 1450,
"y": 20
},
"type": "block"
},
{
"item": "viz_cBYvB8Yy",
"position": {
"h": 90,
"w": 170,
"x": 1830,
"y": 20
},
"type": "block"
},
{
"item": "viz_1KpygY1l",
"position": {
"h": 90,
"w": 170,
"x": 2210,
"y": 20
},
"type": "block"
},
{
"item": "viz_QpszSdhB",
"position": {
"h": 30,
"w": 90,
"x": 1490,
"y": 100
},
"type": "block"
},
{
"item": "viz_SSK3aVIG",
"position": {
"h": 30,
"w": 110,
"x": 1870,
"y": 100
},
"type": "block"
},
{
"item": "viz_QUYYEwXs",
"position": {
"h": 30,
"w": 110,
"x": 2260,
"y": 100
},
"type": "block"
}
],
"type": "absolute"
},
"layout_s7i54pGX": {
"type": "grid",
"structure": [
{
"item": "viz_0VdLX51C",
"type": "block",
"position": {
"x": 0,
"y": 0,
"w": 1200,
"h": 1374
}
}
]
}
},
"tabs": {
"items": [
{
"label": "Overview and status",
"layoutId": "layout_1"
},
{
"layoutId": "layout_s7i54pGX",
"label": "Logs backend"
}
]
}
}
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,380 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Tenants Operational Status Overview</label>
<description></description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_ops_status": {
"type": "ds.search",
"options": {
"query": "| `per_tenant_ops_status_raw(*)`\n| lookup trackme_virtual_tenants tenant_id OUTPUT tenant_desc",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"name": "ops_status"
},
"ds_search_ops_status_overtime": {
"type": "ds.search",
"options": {
"query": "(`trackme_audit_idx` OR [ | trackmeload | search tenant_idx_settings!=\"global\" | fields tenant_idx_settings | spath input=tenant_idx_settings | stats count by trackme_audit_idx | dedup trackme_audit_idx | rename trackme_audit_idx as index | fields index | format ] ) [ | inputlookup trackme_virtual_tenants | fields tenant_id | format | fields search ] sourcetype=\"trackme:health\""
},
"name": "ops_status_overtime"
},
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "| `per_tenant_ops_status_raw(*)` | table tenant_id, status \n| stats count by status",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"name": "tenant_status"
},
"ds_n1FCNS0l": {
"type": "ds.search",
"options": {
"query": "| `per_tenant_ops_status_raw(*)` | table tenant_id, status\n| sort 0 tenant_id"
},
"name": "status_by_tenant"
},
"ds_8HIte7Mj": {
"type": "ds.search",
"options": {
"query": "`per_tenant_ops_summary_activity`"
},
"name": "degradation_over_time"
},
"ds_J2DBgjhE": {
"type": "ds.search",
"options": {
"query": "| `per_tenant_ops_status_raw(*)` | fields tenant_id, status, overall_ops_pct, tenant_last_exec job_component_register | trackmeprettyjson fields=\"job_component_register\""
},
"name": "detailed_job_results"
},
"ds_VbAZ0by4": {
"type": "ds.chain",
"options": {
"extend": "ds_search_ops_status",
"query": "| stats count by status"
},
"name": "tenants_count_by_status"
},
"ds_I7q4oaTU": {
"type": "ds.chain",
"options": {
"extend": "ds_search_ops_status",
"query": "| fields tenant_id, tenant_desc, status\n| sort 0 tenant_id"
},
"name": "tenants_overview"
},
"ds_NjWl6NcX": {
"type": "ds.chain",
"options": {
"extend": "ds_search_ops_status",
"query": "| fields tenant_id, status, overall_ops_pct, tenant_last_exec job_component_register \n| trackmeprettyjson fields=\"job_component_register\"\n| rex field=job_component_register mode=sed \"s/\\\"success/\\\"🟢 success/g\"\n| rex field=job_component_register mode=sed \"s/\\\"failure/\\\"❌ failure/g\""
},
"name": "table_tenants"
},
"ds_QI1wSZxd": {
"type": "ds.chain",
"options": {
"query": "| stats count as active_tenants \n| fields active_tenants",
"extend": "ds_search_ops_status"
},
"name": "single_active_tenants"
},
"ds_gq9ZqVBS": {
"type": "ds.chain",
"options": {
"extend": "ds_search_ops_status",
"query": "| stats count(eval(overall_ops_pct!=\"100\")) as degraded_tenants \n| fields degraded_tenants"
},
"name": "single_degraded_tenants"
}
},
"visualizations": {
"viz_chart_1": {
"type": "splunk.pie",
"dataSources": {
"primary": "ds_VbAZ0by4"
},
"title": "Tenants Operational Status",
"options": {
"collapseThreshold": 0.01,
"showDonutHole": true,
"labelDisplay": "valuesAndPercentage",
"seriesColorsByField": {
"OPERATIONAL": "#45d4ba",
"DEGRADED": "#e85b79"
}
}
},
"viz_jn3W19To": {
"type": "splunk.table",
"title": "Operational Status by tenant",
"dataSources": {
"primary": "ds_I7q4oaTU"
},
"options": {
"columnFormat": {
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"context": {
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "DEGRADED",
"value": "#e85b79"
},
{
"match": "OPERATIONAL",
"value": "#45D4BA"
}
]
}
},
"viz_6upLcH5E": {
"type": "splunk.column",
"title": "Over time tenants degradation events",
"description": "Degradation events happen when the register component reports a failure on a TrackMe job",
"dataSources": {
"primary": "ds_8HIte7Mj"
},
"options": {
"stackMode": "stacked",
"dataValuesDisplay": "all"
}
},
"viz_K39k1shE": {
"type": "splunk.singlevalue",
"dataSources": {
"primary": "ds_gq9ZqVBS"
},
"title": "# Degraded Tenants",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"trendColor": "#45d4ba"
},
"context": {
"majorColorEditorConfig": [
{
"value": "#4fa484",
"to": 1
},
{
"value": "#e85b79",
"from": 1
}
]
}
},
"viz_28VB9M4d": {
"type": "splunk.singlevalue",
"dataSources": {
"primary": "ds_QI1wSZxd"
},
"title": "# Active Tenants",
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)"
},
"context": {
"majorColorEditorConfig": [
{
"value": "#e85b79",
"to": 1
},
{
"value": "#45d4ba",
"from": 1
}
]
}
},
"viz_cvPBsXSu": {
"type": "splunk.table",
"dataSources": {
"primary": "ds_NjWl6NcX"
},
"options": {
"columnFormat": {
"overall_ops_pct": {
"data": "> table | seriesByName(\"overall_ops_pct\") | formatByType(overall_ops_pctColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"overall_ops_pct\") | rangeValue(overall_ops_pctRowColorsEditorConfig)"
},
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"context": {
"overall_ops_pctColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after"
}
},
"overall_ops_pctRowColorsEditorConfig": [
{
"value": "#FE3A3A",
"to": 100
},
{
"value": "#45d4ba",
"from": 100
}
],
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "OPERATIONAL",
"value": "#45d4ba"
},
{
"match": "DEGRADED",
"value": "#e85b79"
}
]
},
"title": "Detailed job component register statuses"
},
"viz_FUEI8OpS": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Global Time Range"
}
},
"layout": {
"type": "absolute",
"options": {
"height": 1800,
"width": 1920
},
"structure": [
{
"item": "viz_chart_1",
"type": "block",
"position": {
"x": 590,
"y": 90,
"w": 590,
"h": 250
}
},
{
"item": "viz_jn3W19To",
"type": "block",
"position": {
"x": 1190,
"y": 90,
"w": 570,
"h": 250
}
},
{
"item": "viz_6upLcH5E",
"type": "block",
"position": {
"x": 10,
"y": 350,
"w": 1750,
"h": 330
}
},
{
"item": "viz_K39k1shE",
"type": "block",
"position": {
"x": 10,
"y": 220,
"w": 570,
"h": 120
}
},
{
"item": "viz_28VB9M4d",
"type": "block",
"position": {
"x": 10,
"y": 90,
"w": 570,
"h": 120
}
},
{
"item": "viz_cvPBsXSu",
"type": "block",
"position": {
"x": 10,
"y": 690,
"w": 1750,
"h": 970
}
},
{
"item": "viz_FUEI8OpS",
"type": "block",
"position": {
"x": 1630,
"y": 10,
"w": 120,
"h": 60
}
}
],
"globalInputs": [
"input_global_trp"
]
},
"title": "TrackMe - Tenants Operational Status Overview",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": ""
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,275 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe SVC usage stack</label>
<description></description>
<definition><![CDATA[
{
"visualizations": {
"viz_wEwqDRvv": {
"type": "splunk.line",
"title": "Stack SVC usage per hour",
"dataSources": {
"primary": "ds_6F4mslsR"
},
"options": {
"xAxisTitleText": "",
"yAxisTitleText": "SVCs"
}
},
"viz_CL7Yd48d": {
"type": "splunk.singlevalue",
"title": "Stack SVC Entitlement",
"dataSources": {
"primary": "ds_0HJP5tjw"
},
"options": {
"backgroundColor": "transparent"
}
},
"viz_3dm54Wnf": {
"type": "splunk.line",
"dataSources": {
"primary": "ds_vFBi4bSQ"
},
"title": "Trackme SVC usage",
"description": "SVC usage per hour for TrackMe",
"options": {
"xAxisTitleText": "",
"yAxisTitleText": "SVCs"
}
},
"viz_8NRmlyOE": {
"type": "splunk.line",
"dataSources": {
"primary": "ds_xSjMkQKs"
},
"title": "Percentage of SVCs used by TrackMe",
"description": "This shows the percentage of SVCs used by TrackMe (percentage calculated against the number of SVCs that are actually used, this shows what percentage of used SVCs is used by TrackMe effectively)",
"options": {
"xAxisTitleText": "",
"yAxisTitleText": "SVCs percentage"
}
},
"viz_us5aI0OR": {
"type": "splunk.singlevalue",
"title": "Stack Average daily ingest (GB)",
"dataSources": {
"primary": "ds_HvTFWH2P"
},
"options": {
"backgroundColor": "transparent",
"numberPrecision": 2
}
},
"viz_rN1Rglnc": {
"type": "splunk.singlevalue",
"title": "Average SVC pct used by TrackMe",
"dataSources": {
"primary": "ds_ra2AYETO"
},
"options": {
"backgroundColor": "transparent",
"numberPrecision": 2,
"unit": "%"
}
},
"viz_fGOeP9lm": {
"type": "splunk.singlevalue",
"title": "Percentile95 SVC pct used by TrackMe",
"dataSources": {
"primary": "ds_w5uhHl8D"
},
"options": {
"backgroundColor": "transparent",
"numberPrecision": 2,
"unit": "%"
}
}
},
"dataSources": {
"ds_6F4mslsR": {
"type": "ds.search",
"options": {
"query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc\"\n | stats max(utilized_svc) as utilized_svc\n max(stack_license_svc) as stack_license_svc\n by _time, role, indexer_type\n | stats sum(utilized_svc) as utilized_svc\n latest(stack_license_svc) as stack_license_svc\n by _time | timechart span=1h\n max(utilized_svc) AS utilized_svc\n max(stack_license_svc) AS stack_license_svc\n | trendline sma24(utilized_svc) AS \"average SVC utilization\"\n | eval optimal_threshold=if(stack_license_svc>0, stack_license_svc*.8, null())\n | eval degradation_threshold=stack_license_svc*.9\n | eval degraded=if(stack_license_svc>0 AND utilized_svc>=degradation_threshold,utilized_svc,null())\n | eval elevated=if(stack_license_svc>0 AND utilized_svc>=optimal_threshold AND isnull(degraded),utilized_svc,null())\n | eval utilized_svc=if(isnull(elevated) AND isnull(degraded),utilized_svc,null())\n | eval \"license limit\"=if(stack_license_svc>0,stack_license_svc,null())\n | fields - degradation_threshold stack_license_svc\n | rename optimal_threshold as \"optimal utilization threshold\", utilized_svc as \"utilized SVC\"",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "stack_svc"
},
"ds_0HJP5tjw": {
"type": "ds.search",
"options": {
"query": "(index=_cmc_summary OR index=summary) source=\"splunk-entitlements\"\n | stats latest(svc_license) as svc_license\n | eval display=if(svc_license>0,tostring(svc_license,\"commas\").\" SVC\", \"N/A\")\n | fields display",
"queryParameters": {
"earliest": "-24h@h",
"latest": "now"
}
},
"name": "svc_entitlement"
},
"ds_vFBi4bSQ": {
"type": "ds.search",
"options": {
"query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n | search search_app=\"trackme\"\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | timechart span=1h sum(utilized_svc) as sum_svc"
},
"name": "trackme_usage_per_hour"
},
"ds_xSjMkQKs": {
"type": "ds.search",
"options": {
"query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | bucket _time span=1h\n | stats sum(utilized_svc) as svc by _time, search_app\n | eval search_app=if(isnull(search_app) OR search_app=\"\", \"NA\", search_app)\n | eventstats sum(svc) as total_svc by _time\n | eval pct=svc/total_svc*100\n | search search_app=\"trackme\"\n | fields _time search_app pct\n | timechart span=1h first(pct) as pct by search_app\n",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "trackme_pct_stack_usage"
},
"ds_HvTFWH2P": {
"type": "ds.search",
"options": {
"query": "index=_telemetry (host=*.*splunk*.* NOT host=sh*.*splunk*.*) source=*license_usage_summary.log* TERM(\"type=RolloverSummary\") \n| rex field=_raw \"^(?<timestring>\\d\\d-\\d\\d-\\d{4}\\s\\d\\d:\\d\\d:\\d\\d.\\d{3}\\s\\+\\d{4})\" \n| eval _time=strptime(timestring,\"%m-%d-%Y %H:%M:%S.%N%z\") \n| eval z=strftime(now(),\"%z\") \n| eval m=substr(z,-2) \n| eval h=substr(z,2,2) \n| eval mzone=if(z != 0, ((h*60)+m)*(z/abs(z)), 0) \n| eval min_to_utc=-1440-mzone \n| eval rel_time=min_to_utc.\"m\" \n| eval _time=relative_time(_time, rel_time) \n| bin _time span=1d \n| eval slave=if(isnull(slave), \"unknown\", slave)\n| stats latest(b) AS b by slave, pool, _time \n| timechart span=1d sum(b) AS \"volume\" fixedrange=true \n| eval GB=round(volume/1024/1024/1024, 2) \n| stats values(*) as * by _time \n| fields - volume \n| stats avg(GB) as avg_GB \n| eval avg_GB=round(avg_GB, 2)"
},
"name": "stack_ingest"
},
"ds_CMiUQzG8_ds_HvTFWH2P": {
"type": "ds.search",
"options": {
"query": "(index=_cmc_summary OR index=summary) source=\"splunk-svc-search-attribution\" svc_usage=*\n | fields svc_usage svc_consumer svc_consumption_score search_type search_app search_label search_user search_head_names unified_sid process_type\n | fillnull value=\"\" svc_consumer process_type search_provenances search_type search_app search_label search_user unified_sid search_modes labels search_head_names usage_source\n\n | stats max(svc_usage) as utilized_svc by _time svc_consumer search_type search_app search_label search_user search_head_names unified_sid process_type\n | bucket _time span=1h\n | stats sum(utilized_svc) as svc by _time, search_app\n | eval search_app=if(isnull(search_app) OR search_app=\"\", \"NA\", search_app)\n | eventstats sum(svc) as total_svc by _time\n \n | eval pct=svc/total_svc*100\n | search search_app=\"trackme\"\n \n | fields _time search_app pct\n | stats avg(pct) as avg_pct, perc95(pct) as perc95\n"
},
"name": "trackme_pct_single"
},
"ds_ra2AYETO": {
"type": "ds.chain",
"options": {
"extend": "ds_CMiUQzG8_ds_HvTFWH2P",
"query": "| fields avg_pct"
},
"name": "single_pct_avg"
},
"ds_w5uhHl8D": {
"type": "ds.chain",
"options": {
"extend": "ds_CMiUQzG8_ds_HvTFWH2P",
"query": "| fields perc95"
},
"name": "single_pct_perc95"
}
},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-30d@d,@d"
},
"title": "Global Time Range"
}
},
"layout": {
"type": "absolute",
"options": {
"display": "auto-scale",
"height": 1200
},
"structure": [
{
"item": "viz_wEwqDRvv",
"type": "block",
"position": {
"x": 0,
"y": 130,
"w": 1200,
"h": 310
}
},
{
"item": "viz_CL7Yd48d",
"type": "block",
"position": {
"x": 240,
"y": 10,
"w": 270,
"h": 120
}
},
{
"item": "viz_3dm54Wnf",
"type": "block",
"position": {
"x": 0,
"y": 480,
"w": 1200,
"h": 300
}
},
{
"item": "viz_8NRmlyOE",
"type": "block",
"position": {
"x": 0,
"y": 900,
"w": 1200,
"h": 300
}
},
{
"item": "viz_us5aI0OR",
"type": "block",
"position": {
"x": 670,
"y": 10,
"w": 270,
"h": 120
}
},
{
"item": "viz_rN1Rglnc",
"type": "block",
"position": {
"x": 290,
"y": 790,
"w": 270,
"h": 120
}
},
{
"item": "viz_fGOeP9lm",
"type": "block",
"position": {
"x": 600,
"y": 790,
"w": 270,
"h": 120
}
}
],
"globalInputs": [
"input_global_trp"
]
},
"description": "",
"title": "TrackMe SVC usage stack"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,277 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - trackers Performance DeepDive</label>
<description>TrackMe relies on various scheduled objects, each object carefuly reports run time metrics for the purposes of controlling their execution and for reporting purposes</description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "| mstats avg(trackme.components_register.runtime) as runtime where `trackme_idx_search_filter` tenant_id=\"$tk_tenant_id$\" tracker=\"$tk_tracker$\" by tenant_id, tracker span=1m\n| timechart bins=1000 minspan=10m limit=100 useother=f avg(runtime) as avg_run_time by tracker",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "trackers_perf_overtime"
},
"ds_VvNmlkQC": {
"type": "ds.search",
"options": {
"query": "| mstats avg(trackme.components_register.runtime) as run_time where `trackme_idx_search_filter` tenant_id=\"$tk_tenant_id$\" tracker=\"$tk_tracker$\" by tenant_id, tracker span=5m\n| stats avg(run_time) as avg_run_time, perc95(run_time) as perc95_run_time, max(run_time) as max_run_time, latest(run_time) as latest_run_time, sparkline(avg(run_time),) As avg_sparkline by tenant_id, tracker \n| foreach avg_run_time perc95_run_time max_run_time latest_run_time [ eval <<FIELD>> = round('<<FIELD>>', 3) ]\n| sort 0 tenant_id, tracker",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "trackers_perf_table"
},
"ds_Mg04DNO6": {
"type": "ds.search",
"options": {
"query": "| mcatalog values(metric_name) as metrics where `trackme_idx_search_filter` metric_name=\"trackme.components_register.runtime\" by tenant_id, tracker",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "trackers_populate"
},
"ds_4LUsXK1K": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| stats count by tenant_id \n| sort 0 tenant_id"
},
"name": "trackers_populate_tenant_id"
},
"ds_8CDSsoWe": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| search tenant_id=$tk_tenant_id$\n| stats count by tracker\n| sort 0 tracker"
},
"name": "trackers_populate_trackers"
},
"ds_EMTeLajw": {
"type": "ds.search",
"options": {
"query": "| mstats avg(trackme.components_register.runtime) as avg_run_time where `trackme_idx_search_filter` tenant_id=\"$tk_tenant_id$\" tracker=\"$tk_tracker$\" by tenant_id, tracker\n| foreach avg_run_time [ eval <<FIELD>> = round('<<FIELD>>', 3) ]\n| sort - 0 avg_run_time | fields tracker avg_run_time",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "tracker_perf_top"
}
},
"visualizations": {
"viz_chart_1": {
"type": "splunk.line",
"dataSources": {
"primary": "ds_search_1"
},
"options": {
"yAxisAbbreviation": "auto",
"y2AxisAbbreviation": "auto",
"showRoundedY2AxisLabels": false,
"showY2MajorGridLines": true,
"xAxisLabelRotation": 0,
"xAxisTitleVisibility": "show",
"yAxisTitleVisibility": "show",
"y2AxisTitleVisibility": "show",
"yAxisScale": "linear",
"showOverlayY2Axis": 0,
"y2AxisScale": "inherit",
"showSplitSeries": 0,
"showIndependentYRanges": 0,
"legendMode": "standard",
"legendDisplay": "right",
"lineWidth": 2,
"backgroundColor": "#000000",
"legendTruncation": "ellipsisMiddle",
"yAxisTitleText": "runtime (sec)",
"xAxisTitleText": "none",
"dataValuesDisplay": "minmax"
},
"title": "Trackers runtime performance monitor over time",
"description": "All trackers their runtime performance for auditing purposes"
},
"viz_29HlXL59": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_3EEh1XOA": {
"type": "splunk.table",
"dataSources": {
"primary": "ds_VvNmlkQC"
},
"title": "Trackers runtime performance table",
"options": {
"count": 30
}
},
"viz_4Z09XAG7": {
"type": "splunk.pie",
"options": {
"showDonutHole": true
},
"dataSources": {
"primary": "ds_EMTeLajw"
},
"showProgressBar": false,
"showLastUpdated": false,
"title": "Prominent trackers by average runtime"
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Period:"
},
"input_uHIQHlyb": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_tenant_id"
},
"title": "tenant_id:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_4LUsXK1K"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_nAuOVL6b": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_tracker"
},
"title": "tracker:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_8CDSsoWe"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"tracker\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tracker\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
}
},
"layout": {
"type": "absolute",
"options": {
"height": 1800,
"width": 1920
},
"structure": [
{
"item": "viz_chart_1",
"type": "block",
"position": {
"x": 0,
"y": 470,
"w": 1750,
"h": 385
}
},
{
"item": "viz_29HlXL59",
"type": "block",
"position": {
"x": 1630,
"y": 20,
"w": 120,
"h": 60
}
},
{
"item": "viz_3EEh1XOA",
"type": "block",
"position": {
"x": 0,
"y": 880,
"w": 1750,
"h": 880
}
},
{
"item": "viz_4Z09XAG7",
"type": "block",
"position": {
"x": 0,
"y": 90,
"w": 1750,
"h": 360
}
}
],
"globalInputs": [
"input_global_trp",
"input_uHIQHlyb",
"input_nAuOVL6b"
]
},
"title": "TrackMe - trackers Performance DeepDive",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "TrackMe relies on various scheduled objects, each object carefuly reports run time metrics for the purposes of controlling their execution and for reporting purposes"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,249 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - logs inspector</label>
<description>This dashboards provides quick access to TrackMe REST API and custom commands logging events</description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "index=_internal $tk_command$ log_level=$tk_log_level$ $tk_search$ NOT \"remote_configs_proxy.py\"\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| table _time, log_level, command, _raw\n| sort - _time",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "loggging_events"
},
"ds_Gq750aYx": {
"type": "ds.search",
"options": {
"query": "| tstats count where index=_internal (sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*) by sourcetype\n| rex field=\"sourcetype\" \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| stats count by sourcetype, command\n| eval sourcetype = \"sourcetype=\\\"\" . sourcetype . \"\\\"\"\n| sort limit=0 command",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "populate_commands"
},
"ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "index=_internal $tk_command$ log_level=$tk_log_level$ $tk_search$ NOT \"remote_configs_proxy.py\"\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| timechart count minspan=5m count limit=0 by log_level",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "events_by_log_level"
}
},
"visualizations": {
"viz_table_1": {
"type": "splunk.table",
"options": {
"columnFormat": {
"log_level": {
"data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)"
}
},
"count": 100
},
"context": {
"log_levelColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"log_levelRowColorsEditorConfig": [
{
"match": "WARNING",
"value": "#DD9900"
},
{
"match": "INFO",
"value": "#00CDAF"
},
{
"match": "ERROR",
"value": "#FF677B"
},
{
"match": "DEBUG",
"value": "#009CEB"
}
]
},
"dataSources": {
"primary": "ds_search_1"
},
"title": "Logging events"
},
"viz_dtUfQMrD": {
"type": "splunk.column",
"options": {
"stackMode": "stacked",
"seriesColorsByField": "{\"ERROR\": \"#FF677B\", \"WARNING\": \"#DD9900\", \"INFO\": \"#00CDAF\", \"DEBUG\": \"#009CEB\"}"
},
"dataSources": {
"primary": "ds_UpugjNjy"
},
"title": "Events by logging level over time"
},
"viz_NmxZjn2m": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Global Time Range:"
},
"input_Ttw13HLX": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)",
"token": "tk_command"
},
"title": "Select TrackMe context:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_Gq750aYx"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)"
]
],
"label": ">primary | seriesByName(\"command\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"sourcetype\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_bUyD9U0q": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "INFO",
"value": "INFO"
},
{
"label": "ERROR",
"value": "ERROR"
},
{
"label": "WARNING",
"value": "WARNING"
},
{
"label": "DEBUG",
"value": "DEBUG"
}
],
"defaultValue": "*",
"token": "tk_log_level"
},
"title": "Logging level:",
"type": "input.dropdown"
},
"input_ycfwyDO6": {
"options": {
"defaultValue": "*",
"token": "tk_search"
},
"title": "Key word search:",
"type": "input.text"
}
},
"layout": {
"type": "absolute",
"options": {
"display": "auto-scale",
"width": 1920,
"height": 1800
},
"structure": [
{
"item": "viz_table_1",
"type": "block",
"position": {
"x": 0,
"y": 420,
"w": 1920,
"h": 1060
}
},
{
"item": "viz_dtUfQMrD",
"type": "block",
"position": {
"x": 0,
"y": 110,
"w": 1920,
"h": 290
}
},
{
"item": "viz_NmxZjn2m",
"type": "block",
"position": {
"x": 1800,
"y": -90,
"w": 120,
"h": 300
}
}
],
"globalInputs": [
"input_global_trp",
"input_Ttw13HLX",
"input_bUyD9U0q",
"input_ycfwyDO6"
]
},
"title": "TrackMe - logs inspector",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "This dashboards provides quick access to TrackMe REST API and custom commands logging events"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,284 +0,0 @@
<form version="1.1" theme="dark" hideEdit="true">
<label>TrackMe - Internal scheduling audit</label>
<!-- main search for scheduling cost -->
<search id="scheduling_mainsearch" ref="trackme_internal_scheduling_ui_main_search"></search>
<search id="scheduling_table" ref="trackme_internal_scheduling_ui_main_table">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<fieldset submitButton="false"></fieldset>
<row>
<panel>
<title>Scheduling summary</title>
<single>
<search ref="trackme_internal_scheduling_ui_summary"></search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE NUMBER OF SCHEDULED SEARCHES PER 5 MIN</option>
<option name="unit">Scheduled searches / 5 min</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields avg_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields max_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">MAX RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields sum_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE SUM RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
</panel>
</row>
<row>
<panel>
<input type="time" token="timerange_scheduled" searchWhenChanged="true">
<label>Time Range:</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
</panel>
</row>
<row>
<panel>
<title>Count of Scheduler Executions</title>
<table>
<search ref="trackme_internal_scheduling_ui_count">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
</table>
</panel>
<panel>
<title>Count of Scheduler Executions Over Time</title>
<chart>
<search ref="trackme_internal_scheduling_ui_count_overtime">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Trackers run time performance over time</title>
<chart>
<search ref="trackme_internal_scheduling_ui_tracker_perf">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Trackers run time performance summary statistics</title>
<table>
<search ref="trackme_internal_scheduling_ui_tracker_perf_table">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
<option name="refresh.display">none</option>
<option name="percentagesRow">false</option>
<format type="color" field="avg_sparkline">
<colorPalette type="minMidMax" maxColor="#31A35F" minColor="#353535"></colorPalette>
<scale type="minMidMax"></scale>
</format>
</table>
</panel>
</row>
<row>
<panel>
<title>TrackMe tracker executor logs</title>
<event>
<search ref="trackme_internal_scheduling_ui_executor_logs">
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<option name="count">10</option>
<option name="list.drilldown">none</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">none</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.sortDirection">asc</option>
<option name="table.wrap">1</option>
<option name="type">raw</option>
</event>
</panel>
</row>
<row>
<panel>
<title>Trackers - These scheduled reports are responsible for discovering and maintaining data states</title>
<chart>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="*_tracker_*" | fields "report (savedsearch_name)", avg_run_time</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
</chart>
<table>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="*_tracker_*" | sort "report (savedsearch_name)" | fields - avg_run_time</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Alerts &amp; Miscellaneous - Builtin alerts and various scheduled reports related to the application</title>
<chart>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"!="*_tracker_*" | fields "report (savedsearch_name)", avg_run_time</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
</chart>
<table>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"!="*_tracker_*" | sort "report (savedsearch_name)" | fields - avg_run_time</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
</form>

@ -1,234 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - KVstore collections audit</label>
<description>This dashboard shows the size for all KVstore collections, as well as their number of objects</description>
<definition><![CDATA[
{
"dataSources": {
"ds_6rcal2tp": {
"type": "ds.search",
"options": {
"query": "| rest splunk_server=local /services/server/introspection/kvstore/collectionstats\n| mvexpand data\n| spath input=data\n| rex field=ns \"(?<App>.*)\\.(?<Collection>.*)\"\n| rex field=Collection \".*_(?<tenant_id>.*)$\"\n| eval tenant_id=if(match(Collection, \"(?:kv_trackme_backup_archives_info|kv_trackme_maintenance_mode|kv_trackme_user_pref|kv_trackme_virtual_tenants_entities_summary|kv_trackme_user_uipref)\"), \"common\", tenant_id)\n| where App=\"trackme\"\n| eval dbsize=round(size/1024/1024, 2)\n| eval indexsize=round(totalIndexSize/1024/1024, 2)\n| stats first(count) AS \"Number of Objects\" first(dbsize) AS \"Collection Size (MB)\" by tenant_id, Collection\n| sort tenant_id, Collection",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"name": "kvstore_collections_table"
},
"ds_Ux6AXFkI": {
"type": "ds.chain",
"options": {
"extend": "ds_6rcal2tp",
"query": "| search tenant_id=$tk_tenant_id$\n| stats dc(Collection) as dcount"
},
"name": "dcount_collections"
},
"ds_mJ8G3LHO": {
"type": "ds.chain",
"options": {
"extend": "ds_6rcal2tp",
"query": "| search tenant_id=$tk_tenant_id$\n| stats sum(\"Collection Size (MB)\") as total_mb"
},
"name": "sum_collections"
},
"ds_YlggFnPS": {
"type": "ds.chain",
"options": {
"extend": "ds_6rcal2tp",
"query": "| stats count by tenant_id \n| sort 0 tenant_id"
},
"name": "list_tenants"
},
"ds_avugorVn": {
"type": "ds.chain",
"options": {
"extend": "ds_6rcal2tp",
"query": "| search tenant_id=$tk_tenant_id$\n| sort tenant_id, Collection"
},
"name": "table_collections"
},
"ds_KxiIwB4q": {
"type": "ds.chain",
"options": {
"extend": "ds_6rcal2tp",
"query": "| search tenant_id=$tk_tenant_id$\n| stats sum(\"Number of Objects\") as no_records"
},
"name": "no_records"
}
},
"visualizations": {
"viz_table_1": {
"type": "splunk.singlevalue",
"options": {
"unit": "collections",
"backgroundColor": "transparent"
},
"dataSources": {
"primary": "ds_Ux6AXFkI"
},
"showProgressBar": false,
"showLastUpdated": false,
"description": ""
},
"viz_2LxfoWGB": {
"type": "splunk.table",
"options": {
"count": 15
},
"dataSources": {
"primary": "ds_avugorVn"
}
},
"viz_kvM2Jjrl": {
"type": "splunk.singlevalue",
"options": {
"unit": "MB",
"numberPrecision": 3,
"backgroundColor": "transparent"
},
"dataSources": {
"primary": "ds_mJ8G3LHO"
},
"showProgressBar": false,
"showLastUpdated": false,
"description": ""
},
"viz_aMEf9KSl": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_tDM7CEie": {
"type": "splunk.singlevalue",
"options": {
"unit": "records",
"backgroundColor": "transparent"
},
"dataSources": {
"primary": "ds_KxiIwB4q"
},
"showProgressBar": false,
"showLastUpdated": false,
"description": ""
}
},
"inputs": {
"input_SFyxNLxE": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_tenant_id"
},
"title": "Tenant:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_YlggFnPS"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
}
},
"layout": {
"type": "absolute",
"options": {
"width": 1920,
"height": 1080
},
"structure": [
{
"item": "viz_table_1",
"type": "block",
"position": {
"x": 10,
"y": 80,
"w": 250,
"h": 60
}
},
{
"item": "viz_2LxfoWGB",
"type": "block",
"position": {
"x": 10,
"y": 140,
"w": 1750,
"h": 920
}
},
{
"item": "viz_kvM2Jjrl",
"type": "block",
"position": {
"x": 320,
"y": 80,
"w": 200,
"h": 60
}
},
{
"item": "viz_aMEf9KSl",
"type": "block",
"position": {
"x": 1630,
"y": 70,
"w": 120,
"h": 60
}
},
{
"item": "viz_tDM7CEie",
"type": "block",
"position": {
"x": 590,
"y": 80,
"w": 200,
"h": 60
}
}
],
"globalInputs": [
"input_SFyxNLxE"
]
},
"title": "TrackMe - KVstore collections audit",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "This dashboard shows the size for all KVstore collections, as well as their number of objects"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,514 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Splunk Remote Accounts Status Overview</label>
<description></description>
<definition><![CDATA[
{
"title": "TrackMe - Splunk Remote Accounts Status Overview",
"description": "",
"inputs": {
"input_TtwBw5Ye": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "Failure",
"value": "failure"
},
{
"label": "Success",
"value": "success"
}
],
"defaultValue": "*",
"token": "tk_status"
},
"title": "Filter table on Status:",
"type": "input.dropdown"
},
"input_LpXj9z03": {
"options": {
"items": [
{
"label": "False",
"value": "account, app_namespace, host, status, message"
},
{
"label": "True",
"value": "account, app_namespace, host, status, message, rbac_roles, timeout*, token_rotation_enablement, token_rotation_frequency"
}
],
"token": "tk_show_allfields",
"defaultValue": "account, app_namespace, host, status, message"
},
"title": "Show Detailed Config",
"type": "input.dropdown"
}
},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
}
}
}
},
"visualizations": {
"viz_28VB9M4d": {
"context": {
"majorColorEditorConfig": [
{
"to": 1,
"value": "#e85b79"
},
{
"from": 1,
"value": "#45d4ba"
}
]
},
"dataSources": {
"primary": "ds_iLucdxbU"
},
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)"
},
"title": "# Successfully connected Remote Accounts",
"type": "splunk.singlevalue"
},
"viz_FUEI8OpS": {
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
},
"type": "splunk.image"
},
"viz_K39k1shE": {
"context": {
"majorColorEditorConfig": [
{
"to": 1,
"value": "#4fa484"
},
{
"from": 1,
"value": "#e85b79"
}
]
},
"dataSources": {
"primary": "ds_J3Ns07IG"
},
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"trendColor": "#45d4ba"
},
"title": "# Failing Remote Accounts",
"type": "splunk.singlevalue"
},
"viz_chart_1": {
"dataSources": {
"primary": "ds_VbAZ0by4"
},
"options": {
"collapseThreshold": 0.01,
"labelDisplay": "valuesAndPercentage",
"seriesColorsByField": {
"failure": "#e85b79",
"success": "#45d4ba"
},
"showDonutHole": true
},
"title": "Remote Accounts Statuses",
"type": "splunk.pie"
},
"viz_cvPBsXSu": {
"context": {
"overall_ops_pctColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after"
}
},
"overall_ops_pctRowColorsEditorConfig": [
{
"to": 100,
"value": "#FE3A3A"
},
{
"from": 100,
"value": "#45d4ba"
}
],
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "success",
"value": "#45d4ba"
},
{
"match": "failure",
"value": "#e85b79"
}
]
},
"dataSources": {
"primary": "ds_NjWl6NcX"
},
"options": {
"columnFormat": {
"overall_ops_pct": {
"data": "> table | seriesByName(\"overall_ops_pct\") | formatByType(overall_ops_pctColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"overall_ops_pct\") | rangeValue(overall_ops_pctRowColorsEditorConfig)"
},
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Detailed Remote Accounts Statuses",
"type": "splunk.table"
},
"viz_jn3W19To": {
"context": {
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "failure",
"value": "#e85b79"
},
{
"match": "success",
"value": "#45D4BA"
}
]
},
"dataSources": {
"primary": "ds_I7q4oaTU"
},
"options": {
"columnFormat": {
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Status by Remote Account",
"type": "splunk.table"
},
"viz_qdTyM4tG": {
"type": "splunk.markdown",
"options": {
"markdown": ""
}
},
"viz_FDlLUqfD": {
"type": "splunk.markdown",
"options": {
"markdown": "## About this dashboard:\n\nThis dashboard uses a TrackMe generating custom command `trackmetestremoteaccounts`.\n\nThe command calls internal API endpoints to perform a connectivity and authenticaton verification of the configure Splunk Remote Accounts.\n\nIf a Splunk Remote Account is reported as in failure, this means that it is disconnected for some reasons, review the message to identify the root cause.\n\nConsult our documentation for more information."
}
},
"viz_e740WEz8": {
"context": {
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "success",
"value": "#45d4ba"
},
{
"match": "failure",
"value": "#e85b79"
},
{
"match": "disabled",
"value": "#A9A9A9"
},
{
"match": "disabled",
"value": "#A9A9A9"
},
{
"match": "pending",
"value": "#f8be44"
},
{
"match": "late",
"value": "#FF964F"
},
{
"match": "undeterminated",
"value": "#F6540B"
}
]
},
"dataSources": {
"primary": "ds_wgCfjkbl"
},
"options": {
"columnFormat": {
"rotation_status": {
"data": "> table | seriesByName(\"rotation_status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"rotation_status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Bearer Tokens Rotation Information",
"type": "splunk.table",
"description": "TrackMe automatically attempts to rotate bearer tokens for Splunk Remote Accounts, this table shows the key information related to this processus:"
},
"viz_reJRiebr": {
"type": "splunk.events",
"dataSources": {
"primary": "ds_iUXUCeKY"
},
"title": "Tokens Rotation Logs (past 30 days)",
"description": "The processus for the rotation of the Splunk Remote Accounts is orchestrated by the General Health Tracker, which executes daily: (index=_internal sourcetype=trackme:rest_api endpoint=maintain_remote_account)"
}
},
"dataSources": {
"ds_I7q4oaTU": {
"name": "accounts_overview",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| fields account, status \n| fields - _raw, _time\n| sort 0 account"
},
"type": "ds.chain"
},
"ds_J3Ns07IG": {
"name": "disconnected_accounts",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count(eval(status=\"failure\")) as count_disconnected"
},
"type": "ds.chain"
},
"ds_NjWl6NcX": {
"name": "table_tenants",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| table account, app_namespace, host, port, status, message, *\n| fields - _raw, _time\n| search status=\"$tk_status$\"\n| rex field=status mode=sed \"s/\\\"success/\\\"🟢 success/g\"\n| rex field=status mode=sed \"s/\\\"failure/\\\"❌ failure/g\"\n| fields $tk_show_allfields$"
},
"type": "ds.chain"
},
"ds_VbAZ0by4": {
"name": "tenants_count_by_status",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count by status"
},
"type": "ds.chain"
},
"ds_Y4xHTfIQ": {
"name": "remote_accounts_statuses_main",
"options": {
"query": "| trackmetestremoteaccounts accounts=*\n``` lookup bearer tokens rotation metadata ```\n| lookup trackme_remote_account_token_expiration account OUTPUT last_message as rotation_last_message, mtime as rotation_mtime, remote_bearer_token_id\n\n``` investigate tokens rotation ```\n| eval token_age_sec=now()-rotation_mtime\n| eval time_since_last_rotation=tostring(round(now()-rotation_mtime), \"duration\")\n| eval rotation_mtime=strftime(rotation_mtime, \"%c %Z\")\n| eval token_max_age_expected_sec=token_rotation_frequency*86400\n| eval rotation_status = case(\ntoken_rotation_enablement!=1, \"disabled\",\ntoken_rotation_enablement=1 AND match(rotation_last_message, \"Bearer token renewal operated at\") AND token_age_sec<token_max_age_expected_sec, \"success\",\ntoken_rotation_enablement=1 AND match(rotation_last_message, \"Bearer token renewal operated at\") AND token_age_sec>=token_max_age_expected_sec, \"late\",\ntoken_rotation_enablement=1 AND isnull(remote_bearer_token_id), \"pending\",\n1=1, \"undeterminated\"\n)",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"type": "ds.search"
},
"ds_iLucdxbU": {
"name": "connected_accounts",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count(eval(status=\"success\")) as count_connected"
},
"type": "ds.chain"
},
"ds_wgCfjkbl": {
"type": "ds.chain",
"options": {
"query": "table account, token_rotation_enablement, token_rotation_frequency, rotation_last_message, rotation_mtime, time_since_last_rotation, rotation_status",
"extend": "ds_Y4xHTfIQ"
},
"name": "roatation_table_summary"
},
"ds_iUXUCeKY": {
"type": "ds.search",
"options": {
"query": "index=_internal sourcetype=trackme:rest_api endpoint=maintain_remote_account",
"queryParameters": {
"earliest": "-30d@d",
"latest": "now"
}
},
"name": "tokens_rotation_logs"
}
},
"layout": {
"globalInputs": [
"input_TtwBw5Ye",
"input_LpXj9z03"
],
"layoutDefinitions": {
"layout_1": {
"options": {
"height": 1800,
"width": 1920
},
"structure": [
{
"item": "viz_chart_1",
"position": {
"h": 250,
"w": 590,
"x": 590,
"y": 160
},
"type": "block"
},
{
"item": "viz_jn3W19To",
"position": {
"h": 250,
"w": 570,
"x": 1190,
"y": 160
},
"type": "block"
},
{
"item": "viz_K39k1shE",
"position": {
"h": 120,
"w": 570,
"x": 10,
"y": 290
},
"type": "block"
},
{
"item": "viz_28VB9M4d",
"position": {
"h": 120,
"w": 570,
"x": 10,
"y": 160
},
"type": "block"
},
{
"item": "viz_cvPBsXSu",
"position": {
"h": 1370,
"w": 1750,
"x": 10,
"y": 420
},
"type": "block"
},
{
"item": "viz_FUEI8OpS",
"position": {
"h": 60,
"w": 120,
"x": 1630,
"y": 10
},
"type": "block"
},
{
"item": "viz_qdTyM4tG",
"type": "block",
"position": {
"x": 0,
"y": 1440,
"w": 300,
"h": 300
}
},
{
"item": "viz_FDlLUqfD",
"type": "block",
"position": {
"x": 20,
"y": 20,
"w": 1220,
"h": 140
}
}
],
"type": "absolute"
},
"layout_G7KHXSd1": {
"type": "grid",
"structure": [
{
"item": "viz_e740WEz8",
"type": "block",
"position": {
"x": 0,
"y": 0,
"w": 1200,
"h": 1026
}
}
]
},
"layout_pjANVB8c": {
"type": "grid",
"structure": [
{
"item": "viz_reJRiebr",
"type": "block",
"position": {
"x": 0,
"y": 0,
"w": 1200,
"h": 900
}
}
]
}
},
"tabs": {
"items": [
{
"label": "Overview Statuses",
"layoutId": "layout_1"
},
{
"layoutId": "layout_G7KHXSd1",
"label": "Token Rotation Statuses"
},
{
"layoutId": "layout_pjANVB8c",
"label": "Token Rotation Logs"
}
]
}
}
}
]]></definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]></meta>
</dashboard>

@ -1,408 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Quality Of Service Auditing - SLA compliance reporting</label>
<description></description>
<definition><![CDATA[
{
"dataSources": {
"ds_Mg04DNO6": {
"type": "ds.search",
"options": {
"query": "| mcatalog values(metric_name) as metrics where `trackme_idx_search_filter` metric_name=trackme.sla.object_state by tenant_id, object_category, object\n| fields tenant_id, object_category, object",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "populate_tenants"
},
"ds_4LUsXK1K": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| stats count by tenant_id \n| sort 0 tenant_id"
},
"name": "populate_tenant_id"
},
"ds_KWAYq9tR": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| search tenant_id=\"$tk_tenant_id$\"\n| stats count by object_category\n| sort 0 object_category"
},
"name": "populate_object_category"
},
"ds_RiJ5iY8a": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| search tenant_id=\"$tk_tenant_id$\" object_category=\"$tk_object_category$\"\n| stats c by object\n| sort 0 object"
},
"name": "populate_object"
},
"ds_OXKeKxE8": {
"type": "ds.search",
"options": {
"query": "| mstats latest(trackme.sla.object_state) as object_state where `trackme_idx_search_filter` tenant_id=$tk_tenant_id$ object_category=\"$tk_object_category$\" object=\"$tk_object$\" priority=\"$tk_priority$\" monitored_state=\"enabled\" [ | inputlookup trackme_virtual_tenants | eval keyid=_key | table tenant_id ] by tenant_id, object_category, object, priority, monitored_state span=1m\n| eval current_state=case(\n object_state = 1, \"green\",\n object_state = 2, \"red\",\n object_state = 3, \"orange\",\n object_state = 4, \"blue\",\n object_state = 5, \"unknown\"\n )\n| fields _time tenant_id, object_category, object, current_state, priority, monitored_state\n| stats first(current_state) as current_state, first(priority) as priority, first(monitored_state) as monitored_state by _time, tenant_id, object_category, object\n| streamstats last(_time) as \"prev_time\", last(current_state) as prev_state current=f by tenant_id, object_category, object\n| where NOT [ | trackmereturnmaintenancedb tenant_id=$tk_tenant_id$ | table search_str | return $search_str ]\n| eval range_duration=_time-prev_time, green_time=case(current_state=\"green\" OR current_state=\"blue\", range_duration), not_green_time=case(current_state!=\"green\" AND current_state!=\"blue\", range_duration)\n| stats sum(range_duration) as range_duration, sum(green_time) as green_time, sum(not_green_time) as not_green_time, latest(priority) as priority, latest(monitored_state) as monitored_state by tenant_id, object_category, object\n| where isnum(range_duration)\n| eval green_time=if(isnum(green_time), green_time, 0), not_green_time=if(isnum(not_green_time), not_green_time, 0), percent_sla=round(green_time/range_duration*100, 2)\n| foreach range_duration green_time not_green_time [ eval <<FIELD>> = tostring('<<FIELD>>', \"duration\") ]\n| search priority=\"$tk_priority$\" AND monitored_state=\"enabled\"\n| fields tenant_id, object, object_category, percent_sla, priority, monitored_state, 
range_duration, green_time, not_green_time\n| rename range_duration as \"total duration\", green_time as \"duration green\", not_green_time as \"duration not green\"",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "table_sla"
},
"ds_Q8G1MpD1": {
"type": "ds.chain",
"options": {
"extend": "ds_OXKeKxE8",
"query": "| stats avg(percent_sla) as avg"
},
"name": "single_sla"
}
},
"visualizations": {
"viz_29HlXL59": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_kkzyyTTf": {
"type": "splunk.table",
"options": {
"count": 50,
"columnFormat": {
"tenant_id": {
"width": 150
},
"object_category": {
"width": 150
},
"object": {
"width": 450
},
"percent_sla": {
"data": "> table | seriesByName(\"percent_sla\") | formatByType(percent_slaColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"percent_sla\") | rangeValue(percent_slaRowColorsEditorConfig)",
"width": 150
},
"priority": {
"data": "> table | seriesByName(\"priority\") | formatByType(priorityColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"priority\") | matchValue(priorityRowColorsEditorConfig)",
"width": 100
},
"monitored_state": {
"data": "> table | seriesByName(\"monitored_state\") | formatByType(monitored_stateColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"monitored_state\") | matchValue(monitored_stateRowColorsEditorConfig)",
"width": 150
},
"total duration": {
"width": 185
},
"duration green": {
"width": 185
},
"duration not green": {
"width": 185
}
}
},
"dataSources": {
"primary": "ds_OXKeKxE8"
},
"context": {
"percent_slaColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after",
"unit": "%",
"precision": 2
}
},
"percent_slaRowColorsEditorConfig": [
{
"value": "#dc4e41",
"to": 50
},
{
"value": "#dc4e41",
"from": 50,
"to": 80
},
{
"value": "#f1813f",
"from": 80,
"to": 90
},
{
"value": "#45D4BA",
"from": 90
}
],
"priorityColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"priorityRowColorsEditorConfig": [
{
"match": "low",
"value": "#5C33FF"
},
{
"match": "medium",
"value": "#207865"
},
{
"match": "high",
"value": "#AD3F20"
}
],
"monitored_stateColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"monitored_stateRowColorsEditorConfig": [
{
"match": "disabled",
"value": "#78062a"
},
{
"match": "enabled",
"value": "#207865"
}
]
},
"eventHandlers": [
{
"type": "drilldown.linkToDashboard",
"options": {
"app": "trackme",
"dashboard": "trackMe_sla_flip",
"tokens": [
{
"token": "tk_tenant_id",
"value": "row.tenant_id.value"
},
{
"token": "tk_object_category",
"value": "row.object_category.value"
},
{
"token": "tk_object",
"value": "row.object.value"
}
]
}
}
],
"title": "SLA percentage per tenant / object",
"description": "Click on a row to see flipping events for this object"
},
"viz_ACR5b0DN": {
"type": "splunk.singlevalueradial",
"options": {
"unit": "%",
"numberPrecision": 2,
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"backgroundColor": "transparent"
},
"dataSources": {
"primary": "ds_Q8G1MpD1"
},
"context": {
"majorColorEditorConfig": [
{
"to": 50,
"value": "#dc4e41"
},
{
"from": 50,
"to": 90,
"value": "#f1813f"
},
{
"from": 90,
"value": "#45D4BA"
}
]
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-90d@d,now"
},
"title": "Period:"
},
"input_uHIQHlyb": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"token": "tk_tenant_id"
},
"title": "tenant_id:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_4LUsXK1K"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [],
"label": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"tenant_id\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_nAuOVL6b": {
"options": {
"items": [
{
"label": "All",
"value": "*"
}
],
"defaultValue": "*",
"token": "tk_object_category"
},
"title": "object_category:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_KWAYq9tR"
},
"context": {}
},
"input_qszD4uG4": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "*",
"token": "tk_object"
},
"title": "object:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_RiJ5iY8a"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"*"
]
],
"label": ">primary | seriesByName(\"object\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"object\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_YueZVL1a": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "high",
"value": "high"
},
{
"label": "medium",
"value": "medium"
},
{
"label": "low",
"value": "low"
}
],
"defaultValue": "*",
"token": "tk_priority"
},
"title": "priority:",
"type": "input.dropdown"
}
},
"layout": {
"type": "absolute",
"options": {
"height": 1080,
"width": 1920
},
"structure": [
{
"item": "viz_29HlXL59",
"type": "block",
"position": {
"x": 1630,
"y": 30,
"w": 120,
"h": 60
}
},
{
"item": "viz_kkzyyTTf",
"type": "block",
"position": {
"x": 0,
"y": 160,
"w": 1750,
"h": 900
}
},
{
"item": "viz_ACR5b0DN",
"type": "block",
"position": {
"x": 820,
"y": 10,
"w": 250,
"h": 150
}
}
],
"globalInputs": [
"input_global_trp",
"input_uHIQHlyb",
"input_nAuOVL6b",
"input_YueZVL1a",
"input_qszD4uG4"
]
},
"title": "TrackMe - Quality Of Service Auditing - SLA compliance reporting",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": ""
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>

@ -1,322 +0,0 @@
<dashboard version="2" theme="dark">
<label>TrackMe - Quality Of Service Auditing - SLA compliance reporting (drilldow view)</label>
<description>The SLA percentage represents the percentage of time an object has spent in green state, which complies with monitoring rules and quality of service</description>
<definition><![CDATA[
{
"dataSources": {
"ds_Mg04DNO6": {
"type": "ds.search",
"options": {
"query": "| mcatalog values(metric_name) as metrics where `trackme_idx_search_filter` metric_name=trackme.sla.object_state [ | trackmeload mode=expanded | table _raw | spath | fields - _raw | fillnull tenant_replica | search tenant_dsm_enabled=1 AND tenant_replica!=1 | table tenant_id ] by tenant_id, object_category, object\n| fields tenant_id, object_category, object",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "populate_tenants"
},
"ds_4LUsXK1K": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| stats count by tenant_id \n| sort 0 tenant_id"
},
"name": "populate_tenant_id"
},
"ds_KWAYq9tR": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| search tenant_id=\"$tk_tenant_id$\"\n| stats count by object_category\n| sort 0 object_category"
},
"name": "populate_object_category"
},
"ds_RiJ5iY8a": {
"type": "ds.chain",
"options": {
"extend": "ds_Mg04DNO6",
"query": "| search tenant_id=\"$tk_tenant_id$\" object_category=\"$tk_object_category$\"\n| stats c by object\n| sort 0 object"
},
"name": "populate_object"
},
"ds_OXKeKxE8": {
"type": "ds.search",
"options": {
"query": "`trackme_idx(\"$tk_tenant_id$\")` sourcetype=\"trackme:flip\" tenant_id=\"$tk_tenant_id$\" object_category=\"$tk_object_category$\" object=\"$tk_object$\" | eval separator = \"-->\" | dedup _time object object_category object_previous_state object_state | table _time object object_category object_previous_state separator object_state result | rename separator as \" \" | `trackme_eval_noicons_flip` | fields _time object object_category object_previous_state \" \" object_state | sort - limit=0 _time",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "table_flip"
},
"ds_Q8G1MpD1": {
"type": "ds.chain",
"options": {
"extend": "ds_OXKeKxE8",
"query": "| timechart minspan=15m bins=1000 count as flip_events"
},
"name": "overtime_flip"
},
"ds_w1veXQwY": {
"type": "ds.chain",
"options": {
"extend": "ds_OXKeKxE8",
"query": "| stats count"
},
"name": "single_flip"
}
},
"visualizations": {
"viz_29HlXL59": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
},
"viz_kkzyyTTf": {
"type": "splunk.table",
"options": {
"count": 50,
"columnFormat": {
"tenant_id": {
"width": 150
},
"object_category": {
"width": 150
},
"object": {
"width": 450
},
"percent_sla": {
"data": "> table | seriesByName(\"percent_sla\") | formatByType(percent_slaColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"percent_sla\") | rangeValue(percent_slaRowColorsEditorConfig)",
"width": 150
},
"priority": {
"data": "> table | seriesByName(\"priority\") | formatByType(priorityColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"priority\") | matchValue(priorityRowColorsEditorConfig)",
"width": 100
},
"monitored_state": {
"data": "> table | seriesByName(\"monitored_state\") | formatByType(monitored_stateColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"monitored_state\") | matchValue(monitored_stateRowColorsEditorConfig)",
"width": 150
},
"total duration": {
"width": 185
},
"duration green": {
"width": 185
},
"duration not green": {
"width": 185
}
}
},
"dataSources": {
"primary": "ds_OXKeKxE8"
},
"context": {
"percent_slaColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after",
"unit": "%",
"precision": 2
}
},
"percent_slaRowColorsEditorConfig": [
{
"value": "#D41F1F",
"to": 20
},
{
"value": "#D94E17",
"from": 20,
"to": 40
},
{
"value": "#CBA700",
"from": 40,
"to": 60
},
{
"value": "#669922",
"from": 60,
"to": 80
},
{
"value": "#118832",
"from": 80
}
],
"priorityColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"priorityRowColorsEditorConfig": [
{
"match": "low",
"value": "#5C33FF"
},
{
"match": "medium",
"value": "#207865"
},
{
"match": "high",
"value": "#AD3F20"
}
],
"monitored_stateColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"monitored_stateRowColorsEditorConfig": [
{
"match": "disabled",
"value": "#78062a"
},
{
"match": "enabled",
"value": "#207865"
}
]
},
"title": "Flipping statuses events table",
"description": "These events occur when an object changes from a state to another"
},
"viz_cZ5CiteD": {
"type": "splunk.column",
"dataSources": {
"primary": "ds_Q8G1MpD1"
},
"showProgressBar": false,
"showLastUpdated": false,
"title": "Flipping statuses events over time",
"description": "These events occur when an object changes from a state to another",
"options": {
"dataValuesDisplay": "all",
"xAxisTitleText": "flipping events count",
"yAxisTitleText": "count"
}
},
"viz_DKb2WaAF": {
"type": "splunk.singlevalue",
"options": {
"backgroundColor": "transparent",
"majorColor": "#62b3b2"
},
"dataSources": {
"primary": "ds_w1veXQwY"
},
"title": "",
"description": ""
},
"viz_9SCh8JZI": {
"type": "splunk.markdown",
"options": {
"markdown": "Number of flipping events detected"
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-90d@d,now"
},
"title": "Period:"
}
},
"layout": {
"type": "absolute",
"options": {
"height": 1080,
"width": 1920
},
"structure": [
{
"item": "viz_29HlXL59",
"type": "block",
"position": {
"x": 1630,
"y": 10,
"w": 120,
"h": 60
}
},
{
"item": "viz_kkzyyTTf",
"type": "block",
"position": {
"x": 0,
"y": 440,
"w": 1750,
"h": 620
}
},
{
"item": "viz_cZ5CiteD",
"type": "block",
"position": {
"x": 0,
"y": 120,
"w": 1750,
"h": 290
}
},
{
"item": "viz_DKb2WaAF",
"type": "block",
"position": {
"x": 730,
"y": 10,
"w": 190,
"h": 90
}
},
{
"item": "viz_9SCh8JZI",
"type": "block",
"position": {
"x": 710,
"y": 90,
"w": 230,
"h": 40
}
}
],
"globalInputs": [
"input_global_trp"
]
},
"title": "TrackMe - Quality Of Service Auditing - SLA compliance reporting (drilldow view)",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "The SLA percentage represents the percentage of time an object has spent in green state, which complies with monitoring rules and quality of service"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>


@ -1,4 +0,0 @@
<?xml version="1.0"?>
<view template="pages/page_with_flag.html" type="html" isDashboard="False" packageName="end-user-xp">
<label>Triggered Alerts - Splunk</label>
</view>