admingit
/
Splunk_Deploiement
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48f78a7a26'
${ noResults }
Splunk_Deploiement/dashboards/trackme_trackMe_commands_lo...

249 lines
6.2 KiB
Raw Blame History

<dashboard version="2" theme="dark">
<label>TrackMe - logs inspector</label>
<description>This dashboards provides quick access to TrackMe REST API and custom commands logging events</description>
<definition><![CDATA[
{
"dataSources": {
"ds_search_1": {
"type": "ds.search",
"options": {
"query": "index=_internal $tk_command$ log_level=$tk_log_level$ $tk_search$ NOT \"remote_configs_proxy.py\"\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| table _time, log_level, command, _raw\n| sort - _time",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "loggging_events"
},
"ds_Gq750aYx": {
"type": "ds.search",
"options": {
"query": "| tstats count where index=_internal (sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*) by sourcetype\n| rex field=\"sourcetype\" \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| stats count by sourcetype, command\n| eval sourcetype = \"sourcetype=\\\"\" . sourcetype . \"\\\"\"\n| sort limit=0 command",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "populate_commands"
},
"ds_UpugjNjy": {
"type": "ds.search",
"options": {
"query": "index=_internal $tk_command$ log_level=$tk_log_level$ $tk_search$ NOT \"remote_configs_proxy.py\"\n| rex field=sourcetype \"trackme:custom_commands:(?<command>.*)\"\n| eval command=if(sourcetype=\"trackme:rest_api\", \"rest_api\", command)\n| where isnotnull(command)\n| timechart count minspan=5m count limit=0 by log_level",
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
},
"name": "events_by_log_level"
}
},
"visualizations": {
"viz_table_1": {
"type": "splunk.table",
"options": {
"columnFormat": {
"log_level": {
"data": "> table | seriesByName(\"log_level\") | formatByType(log_levelColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"log_level\") | matchValue(log_levelRowColorsEditorConfig)"
}
},
"count": 100
},
"context": {
"log_levelColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"log_levelRowColorsEditorConfig": [
{
"match": "WARNING",
"value": "#DD9900"
},
{
"match": "INFO",
"value": "#00CDAF"
},
{
"match": "ERROR",
"value": "#FF677B"
},
{
"match": "DEBUG",
"value": "#009CEB"
}
]
},
"dataSources": {
"primary": "ds_search_1"
},
"title": "Logging events"
},
"viz_dtUfQMrD": {
"type": "splunk.column",
"options": {
"stackMode": "stacked",
"seriesColorsByField": "{\"ERROR\": \"#FF677B\", \"WARNING\": \"#DD9900\", \"INFO\": \"#00CDAF\", \"DEBUG\": \"#009CEB\"}"
},
"dataSources": {
"primary": "ds_UpugjNjy"
},
"title": "Events by logging level over time"
},
"viz_NmxZjn2m": {
"type": "splunk.image",
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
}
}
},
"inputs": {
"input_global_trp": {
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-24h@h,now"
},
"title": "Global Time Range:"
},
"input_Ttw13HLX": {
"options": {
"items": ">frame(label, value) | prepend(formattedStatics) | objects()",
"defaultValue": "(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)",
"token": "tk_command"
},
"title": "Select TrackMe context:",
"type": "input.dropdown",
"dataSources": {
"primary": "ds_Gq750aYx"
},
"context": {
"formattedConfig": {
"number": {
"prefix": ""
}
},
"formattedStatics": ">statics | formatByType(formattedConfig)",
"statics": [
[
"All"
],
[
"(sourcetype=trackme:rest_api OR sourcetype=trackme:custom_commands:*)"
]
],
"label": ">primary | seriesByName(\"command\") | renameSeries(\"label\") | formatByType(formattedConfig)",
"value": ">primary | seriesByName(\"sourcetype\") | renameSeries(\"value\") | formatByType(formattedConfig)"
}
},
"input_bUyD9U0q": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "INFO",
"value": "INFO"
},
{
"label": "ERROR",
"value": "ERROR"
},
{
"label": "WARNING",
"value": "WARNING"
},
{
"label": "DEBUG",
"value": "DEBUG"
}
],
"defaultValue": "*",
"token": "tk_log_level"
},
"title": "Logging level:",
"type": "input.dropdown"
},
"input_ycfwyDO6": {
"options": {
"defaultValue": "*",
"token": "tk_search"
},
"title": "Key word search:",
"type": "input.text"
}
},
"layout": {
"type": "absolute",
"options": {
"display": "auto-scale",
"width": 1920,
"height": 1800
},
"structure": [
{
"item": "viz_table_1",
"type": "block",
"position": {
"x": 0,
"y": 420,
"w": 1920,
"h": 1060
}
},
{
"item": "viz_dtUfQMrD",
"type": "block",
"position": {
"x": 0,
"y": 110,
"w": 1920,
"h": 290
}
},
{
"item": "viz_NmxZjn2m",
"type": "block",
"position": {
"x": 1800,
"y": -90,
"w": 120,
"h": 300
}
}
],
"globalInputs": [
"input_global_trp",
"input_Ttw13HLX",
"input_bUyD9U0q",
"input_ycfwyDO6"
]
},
"title": "TrackMe - logs inspector",
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
}
}
}
},
"description": "This dashboards provides quick access to TrackMe REST API and custom commands logging events"
}
]]> </definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]> </meta>
</dashboard>
Reference in new issue View Git Blame Copy Permalink