TrackMe - logs inspector This dashboards provides quick access to TrackMe REST API and custom commands logging events .*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| table _time, log_level, command, _raw\n| sort - _time", "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" } }, "name": "loggging_events" }, "ds_Gq750aYx": { "type": "ds.search", "options": { "query": "| tstats count where index=_internal (sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*) by sourcetype\n| rex field=\"sourcetype\" \"trackme:custom_commands:(?.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| stats count by sourcetype, command\n| eval sourcetype = \"sourcetype=\\\"\" . sourcetype . \"\\\"\"\n| sort limit=0 command", "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" } }, "name": "populate_commands" }, "ds_UpugjNjy": { "type": "ds.search", "options": { "query": "index=_internal $tk_command$ log_level=$tk_log_level$ $tk_search$ NOT \"remote_configs_proxy.py\"\n| rex field=sourcetype \"trackme:custom_commands:(?.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| timechart count minspan=5m count limit=0 by log_level", "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" } }, "name": "events_by_log_level" } }, "visualizations": { "viz_table_1": { "type": "splunk.table", "options": { "columnFormat": { "log_level": { "data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)", "rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)" } }, "count": 100 }, "context": { "log_levelColumnFormatEditorConfig": { "string": { "unitPosition": "after" } }, "log_levelRowColorsEditorConfig": [ { "match": "WARNING", "value": "#DD9900" }, { "match": "INFO", "value": "#00CDAF" }, { "match": "ERROR", "value": "#FF677B" }, { "match": "DEBUG", "value": "#009CEB" } ] }, "dataSources": { "primary": "ds_search_1" }, "title": "Logging events" }, "viz_dtUfQMrD": { "type": "splunk.column", "options": { "stackMode": "stacked", "seriesColorsByField": "{\"ERROR\": \"#FF677B\", \"WARNING\": \"#DD9900\", \"INFO\": \"#00CDAF\", \"DEBUG\": \"#009CEB\"}" }, "dataSources": { "primary": "ds_UpugjNjy" }, "title": "Events by logging level over time" }, "viz_NmxZjn2m": { "type": "splunk.image", "options": { "preserveAspectRatio": true, "src": "../../static/app/trackme/icons/trackme.png" } } }, "inputs": { "input_global_trp": { "type": "input.timerange", "options": { "token": "global_time", "defaultValue": "-24h@h,now" }, "title": "Global Time Range:" }, "input_Ttw13HLX": { "options": { "items": ">frame(label, value) | prepend(formattedStatics) | objects()", "defaultValue": "(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)", "token": "tk_command" }, "title": "Select TrackMe context:", "type": "input.dropdown", "dataSources": { "primary": "ds_Gq750aYx" }, "context": { "formattedConfig": { "number": { "prefix": "" } }, "formattedStatics": ">statics | formatByType(formattedConfig)", "statics": [ [ "All" ], [ "(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)" ] ], "label": ">primary | seriesByName(\"command\") | renameSeries(\"label\") | formatByType(formattedConfig)", "value": ">primary | seriesByName(\"sourcetype\") | renameSeries(\"value\") | formatByType(formattedConfig)" } }, "input_bUyD9U0q": { "options": { "items": [ { "label": "All", "value": "*" }, { "label": "INFO", "value": "INFO" }, { "label": "ERROR", "value": "ERROR" }, { "label": "WARNING", "value": "WARNING" }, { "label": "DEBUG", "value": "DEBUG" } ], "defaultValue": "*", "token": "tk_log_level" }, "title": "Logging level:", "type": "input.dropdown" }, "input_ycfwyDO6": { "options": { "defaultValue": "*", "token": "tk_search" }, "title": "Key word search:", "type": "input.text" } }, "layout": { "type": "absolute", "options": { "display": "auto-scale", "width": 1920, "height": 1800 }, "structure": [ { "item": "viz_table_1", "type": "block", "position": { "x": 0, "y": 420, "w": 1920, "h": 1060 } }, { "item": "viz_dtUfQMrD", "type": "block", "position": { "x": 0, "y": 110, "w": 1920, "h": 290 } }, { "item": "viz_NmxZjn2m", "type": "block", "position": { "x": 1800, "y": -90, "w": 120, "h": 300 } } ], "globalInputs": [ "input_global_trp", "input_Ttw13HLX", "input_bUyD9U0q", "input_ycfwyDO6" ] }, "title": "TrackMe - logs inspector", "defaults": { "dataSources": { "ds.search": { "options": { "queryParameters": { "latest": "$global_time.latest$", "earliest": "$global_time.earliest$" } } } } }, "description": "This dashboards provides quick access to TrackMe REST API and custom commands logging events" } ]]>