admingit
/
Splunk_Deploiement
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48f78a7a26'
${ noResults }
Splunk_Deploiement/dashboards/trackme_trackMe_remote_acco...

514 lines
12 KiB
Raw Blame History

<dashboard version="2" theme="dark">
<label>TrackMe - Splunk Remote Accounts Status Overview</label>
<description></description>
<definition><![CDATA[
{
"title": "TrackMe - Splunk Remote Accounts Status Overview",
"description": "",
"inputs": {
"input_TtwBw5Ye": {
"options": {
"items": [
{
"label": "All",
"value": "*"
},
{
"label": "Failure",
"value": "failure"
},
{
"label": "Success",
"value": "success"
}
],
"defaultValue": "*",
"token": "tk_status"
},
"title": "Filter table on Status:",
"type": "input.dropdown"
},
"input_LpXj9z03": {
"options": {
"items": [
{
"label": "False",
"value": "account, app_namespace, host, status, message"
},
{
"label": "True",
"value": "account, app_namespace, host, status, message, rbac_roles, timeout*, token_rotation_enablement, token_rotation_frequency"
}
],
"token": "tk_show_allfields",
"defaultValue": "account, app_namespace, host, status, message"
},
"title": "Show Detailed Config",
"type": "input.dropdown"
}
},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
}
}
}
},
"visualizations": {
"viz_28VB9M4d": {
"context": {
"majorColorEditorConfig": [
{
"to": 1,
"value": "#e85b79"
},
{
"from": 1,
"value": "#45d4ba"
}
]
},
"dataSources": {
"primary": "ds_iLucdxbU"
},
"description": "",
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)"
},
"title": "# Successfully connected Remote Accounts",
"type": "splunk.singlevalue"
},
"viz_FUEI8OpS": {
"options": {
"preserveAspectRatio": true,
"src": "../../static/app/trackme/icons/trackme.png"
},
"type": "splunk.image"
},
"viz_K39k1shE": {
"context": {
"majorColorEditorConfig": [
{
"to": 1,
"value": "#4fa484"
},
{
"from": 1,
"value": "#e85b79"
}
]
},
"dataSources": {
"primary": "ds_J3Ns07IG"
},
"options": {
"majorColor": "> majorValue | rangeValue(majorColorEditorConfig)",
"trendColor": "#45d4ba"
},
"title": "# Failing Remote Accounts",
"type": "splunk.singlevalue"
},
"viz_chart_1": {
"dataSources": {
"primary": "ds_VbAZ0by4"
},
"options": {
"collapseThreshold": 0.01,
"labelDisplay": "valuesAndPercentage",
"seriesColorsByField": {
"failure": "#e85b79",
"success": "#45d4ba"
},
"showDonutHole": true
},
"title": "Remote Accounts Statuses",
"type": "splunk.pie"
},
"viz_cvPBsXSu": {
"context": {
"overall_ops_pctColumnFormatEditorConfig": {
"number": {
"thousandSeparated": false,
"unitPosition": "after"
}
},
"overall_ops_pctRowColorsEditorConfig": [
{
"to": 100,
"value": "#FE3A3A"
},
{
"from": 100,
"value": "#45d4ba"
}
],
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "success",
"value": "#45d4ba"
},
{
"match": "failure",
"value": "#e85b79"
}
]
},
"dataSources": {
"primary": "ds_NjWl6NcX"
},
"options": {
"columnFormat": {
"overall_ops_pct": {
"data": "> table | seriesByName(\"overall_ops_pct\") | formatByType(overall_ops_pctColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"overall_ops_pct\") | rangeValue(overall_ops_pctRowColorsEditorConfig)"
},
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Detailed Remote Accounts Statuses",
"type": "splunk.table"
},
"viz_jn3W19To": {
"context": {
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "failure",
"value": "#e85b79"
},
{
"match": "success",
"value": "#45D4BA"
}
]
},
"dataSources": {
"primary": "ds_I7q4oaTU"
},
"options": {
"columnFormat": {
"status": {
"data": "> table | seriesByName(\"status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Status by Remote Account",
"type": "splunk.table"
},
"viz_qdTyM4tG": {
"type": "splunk.markdown",
"options": {
"markdown": ""
}
},
"viz_FDlLUqfD": {
"type": "splunk.markdown",
"options": {
"markdown": "## About this dashboard:\n\nThis dashboard uses a TrackMe generating custom command `trackmetestremoteaccounts`.\n\nThe command calls internal API endpoints to perform a connectivity and authenticaton verification of the configure Splunk Remote Accounts.\n\nIf a Splunk Remote Account is reported as in failure, this means that it is disconnected for some reasons, review the message to identify the root cause.\n\nConsult our documentation for more information."
}
},
"viz_e740WEz8": {
"context": {
"statusColumnFormatEditorConfig": {
"string": {
"unitPosition": "after"
}
},
"statusRowColorsEditorConfig": [
{
"match": "success",
"value": "#45d4ba"
},
{
"match": "failure",
"value": "#e85b79"
},
{
"match": "disabled",
"value": "#A9A9A9"
},
{
"match": "disabled",
"value": "#A9A9A9"
},
{
"match": "pending",
"value": "#f8be44"
},
{
"match": "late",
"value": "#FF964F"
},
{
"match": "undeterminated",
"value": "#F6540B"
}
]
},
"dataSources": {
"primary": "ds_wgCfjkbl"
},
"options": {
"columnFormat": {
"rotation_status": {
"data": "> table | seriesByName(\"rotation_status\") | formatByType(statusColumnFormatEditorConfig)",
"rowColors": "> table | seriesByName(\"rotation_status\") | matchValue(statusRowColorsEditorConfig)"
}
}
},
"title": "Bearer Tokens Rotation Information",
"type": "splunk.table",
"description": "TrackMe automatically attempts to rotate bearer tokens for Splunk Remote Accounts, this table shows the key information related to this processus:"
},
"viz_reJRiebr": {
"type": "splunk.events",
"dataSources": {
"primary": "ds_iUXUCeKY"
},
"title": "Tokens Rotation Logs (past 30 days)",
"description": "The processus for the rotation of the Splunk Remote Accounts is orchestrated by the General Health Tracker, which executes daily: (index=_internal sourcetype=trackme:rest_api endpoint=maintain_remote_account)"
}
},
"dataSources": {
"ds_I7q4oaTU": {
"name": "accounts_overview",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| fields account, status \n| fields - _raw, _time\n| sort 0 account"
},
"type": "ds.chain"
},
"ds_J3Ns07IG": {
"name": "disconnected_accounts",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count(eval(status=\"failure\")) as count_disconnected"
},
"type": "ds.chain"
},
"ds_NjWl6NcX": {
"name": "table_tenants",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| table account, app_namespace, host, port, status, message, *\n| fields - _raw, _time\n| search status=\"$tk_status$\"\n| rex field=status mode=sed \"s/\\\"success/\\\"🟢 success/g\"\n| rex field=status mode=sed \"s/\\\"failure/\\\"❌ failure/g\"\n| fields $tk_show_allfields$"
},
"type": "ds.chain"
},
"ds_VbAZ0by4": {
"name": "tenants_count_by_status",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count by status"
},
"type": "ds.chain"
},
"ds_Y4xHTfIQ": {
"name": "remote_accounts_statuses_main",
"options": {
"query": "| trackmetestremoteaccounts accounts=*\n``` lookup bearer tokens rotation metadata ```\n| lookup trackme_remote_account_token_expiration account OUTPUT last_message as rotation_last_message, mtime as rotation_mtime, remote_bearer_token_id\n\n``` investigate tokens rotation ```\n| eval token_age_sec=now()-rotation_mtime\n| eval time_since_last_rotation=tostring(round(now()-rotation_mtime), \"duration\")\n| eval rotation_mtime=strftime(rotation_mtime, \"%c %Z\")\n| eval token_max_age_expected_sec=token_rotation_frequency*86400\n| eval rotation_status = case(\ntoken_rotation_enablement!=1, \"disabled\",\ntoken_rotation_enablement=1 AND match(rotation_last_message, \"Bearer token renewal operated at\") AND token_age_sec<token_max_age_expected_sec, \"success\",\ntoken_rotation_enablement=1 AND match(rotation_last_message, \"Bearer token renewal operated at\") AND token_age_sec>=token_max_age_expected_sec, \"late\",\ntoken_rotation_enablement=1 AND isnull(remote_bearer_token_id), \"pending\",\n1=1, \"undeterminated\"\n)",
"queryParameters": {
"earliest": "-5m",
"latest": "now"
}
},
"type": "ds.search"
},
"ds_iLucdxbU": {
"name": "connected_accounts",
"options": {
"extend": "ds_Y4xHTfIQ",
"query": "| stats count(eval(status=\"success\")) as count_connected"
},
"type": "ds.chain"
},
"ds_wgCfjkbl": {
"type": "ds.chain",
"options": {
"query": "table account, token_rotation_enablement, token_rotation_frequency, rotation_last_message, rotation_mtime, time_since_last_rotation, rotation_status",
"extend": "ds_Y4xHTfIQ"
},
"name": "roatation_table_summary"
},
"ds_iUXUCeKY": {
"type": "ds.search",
"options": {
"query": "index=_internal sourcetype=trackme:rest_api endpoint=maintain_remote_account",
"queryParameters": {
"earliest": "-30d@d",
"latest": "now"
}
},
"name": "tokens_rotation_logs"
}
},
"layout": {
"globalInputs": [
"input_TtwBw5Ye",
"input_LpXj9z03"
],
"layoutDefinitions": {
"layout_1": {
"options": {
"height": 1800,
"width": 1920
},
"structure": [
{
"item": "viz_chart_1",
"position": {
"h": 250,
"w": 590,
"x": 590,
"y": 160
},
"type": "block"
},
{
"item": "viz_jn3W19To",
"position": {
"h": 250,
"w": 570,
"x": 1190,
"y": 160
},
"type": "block"
},
{
"item": "viz_K39k1shE",
"position": {
"h": 120,
"w": 570,
"x": 10,
"y": 290
},
"type": "block"
},
{
"item": "viz_28VB9M4d",
"position": {
"h": 120,
"w": 570,
"x": 10,
"y": 160
},
"type": "block"
},
{
"item": "viz_cvPBsXSu",
"position": {
"h": 1370,
"w": 1750,
"x": 10,
"y": 420
},
"type": "block"
},
{
"item": "viz_FUEI8OpS",
"position": {
"h": 60,
"w": 120,
"x": 1630,
"y": 10
},
"type": "block"
},
{
"item": "viz_qdTyM4tG",
"type": "block",
"position": {
"x": 0,
"y": 1440,
"w": 300,
"h": 300
}
},
{
"item": "viz_FDlLUqfD",
"type": "block",
"position": {
"x": 20,
"y": 20,
"w": 1220,
"h": 140
}
}
],
"type": "absolute"
},
"layout_G7KHXSd1": {
"type": "grid",
"structure": [
{
"item": "viz_e740WEz8",
"type": "block",
"position": {
"x": 0,
"y": 0,
"w": 1200,
"h": 1026
}
}
]
},
"layout_pjANVB8c": {
"type": "grid",
"structure": [
{
"item": "viz_reJRiebr",
"type": "block",
"position": {
"x": 0,
"y": 0,
"w": 1200,
"h": 900
}
}
]
}
},
"tabs": {
"items": [
{
"label": "Overview Statuses",
"layoutId": "layout_1"
},
{
"layoutId": "layout_G7KHXSd1",
"label": "Token Rotation Statuses"
},
{
"layoutId": "layout_pjANVB8c",
"label": "Token Rotation Logs"
}
]
}
}
}
]]></definition>
<meta type="hiddenElements"><![CDATA[
{
"hideEdit": false,
"hideOpenInSearch": false,
"hideExport": false
}
]]></meta>
</dashboard>
Reference in new issue View Git Blame Copy Permalink