admingit
/
Splunk_deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Splunk_deploy/deployment-apps/CEIP-RESEAU/local/data/ui/views/indicateursceip_rseauxcopy.xml

7 lines
25 KiB
Raw Permalink Blame History

<dashboard version="2" theme="light" hiddenElements="{&quot;hideEdit&quot;:false,&quot;hideOpenInSearch&quot;:false,&quot;hideExport&quot;:false}">
<label>Indicateurs-CEIP : Réseaux, Cyber, Téléphonie</label>
<description></description>
<definition><![CDATA[{"visualizations":{"viz_single_2":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#0877a6"},"dataSources":{"primary":"ds_search_2"},"title":"Volume total d'alarmes \"cleared avant acquitement\""},"viz_single_5":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#53a051"},"dataSources":{"primary":"ds_search_5"},"showProgressBar":true,"title":"Temps acquittement moyen d'une alarme"},"viz_chart_1":{"type":"splunk.pie","dataSources":{"primary":"ds_search_6"},"title":"Répartition des alarmes acquittées en + ou - 60 minutes","options":{"labelDisplay":"valuesAndPercentage"}},"viz_single_6":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#4fa484"},"dataSources":{"primary":"ds_search_7"},"showProgressBar":true,"title":"Volume total d'alarmes"},"viz_single_7":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#0877a6"},"dataSources":{"primary":"ds_search_8"},"showProgressBar":true,"title":"Volume total d'alarmes \"cleared avant acquittement\""},"viz_single_10":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#53a051"},"dataSources":{"primary":"ds_search_11"},"showProgressBar":true,"title":"Temps acquittement moyen d'une alarme"},"viz_chart_2":{"type":"splunk.pie","dataSources":{"primary":"ds_search_12"},"showProgressBar":true,"title":"Répartition des alarmes acquittées en + ou - 60 minutes","options":{"labelDisplay":"valuesAndPercentage"}},"viz_twDJysq5":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_wxhTzjmL"},"title":"Volume total d'alarmes non prises en compte","options":{"majorColor":"#af575a"}},"viz_091wpMFC":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_6W9VWZxk"},"title":"Volume total d'alarmes non prises en compte","options":{"majorColor":"#af575a"}},"viz_a2PJGKz3":{"type":"splunk.markdown","options":{"markdown":"*Ce tableau de bord représente les métriques des CEIP: Réseaux, Cyber, Téléphonie (périmètre TIC). Tous les contextes présents sur la TIC (Hydraulique, Nucléaire, Thermique) sont pris en compte dans ces métriques. Le contexte PaH n'est pas pris en compte car il se trouve sur un rebond différent (en attente du déploiement du splunk PaH).*"}},"viz_MXHldmuI":{"type":"splunk.markdown","options":{"markdown":"**Alarmes critiques + majeures (24h/24-7j/7)**","fontColor":"#0877a6"}},"viz_cvUx4StX":{"type":"splunk.rectangle","options":{"fillColor":"transparent","strokeColor":"#62b3b2","strokeWidth":5}},"viz_SfwMnrss":{"type":"splunk.markdown","options":{"markdown":"**Alarmes critiques + majeures HO**","fontColor":"#0877a6"}},"viz_00j4Vqdq":{"type":"splunk.rectangle","options":{"fillColor":"transparent","strokeColor":"#4fa484","strokeWidth":5}},"viz_4Wp4smHi":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_L31ypjwZ"},"title":"Volume total d'alarmes","options":{"majorColor":"#4fa484"}},"viz_potoMHzv":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_SVpoxaY5"},"title":"Volume total d'alarmes acquittées","options":{"majorColor":"#dc4e41"}},"viz_JXiJfeYz":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_bMdfQdt0"},"title":"Volume total d'alarmes acquittées","options":{"majorColor":"#dc4e41"}}},"dataSources":{"ds_search_1":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\"\n| dedup id\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| stats count as \"Total number of alarm\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_2":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| search (NOT Acknowledged=true) Cleared=true Severity=\"Critical\" OR Severity=\"Major\" Creation_Date=*\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n\n| stats count","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}},"name":"caa_247"},"ds_search_3":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") NOT Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_4":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search (Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_5":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n| stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),\"duration\")\n| eval moyenne_s=replace(moyenne_s,\"\\+\",\" jour(s) \") \n| eval moyenne_s=replace(moyenne_s,\"([0-9]{2}):([0-9]{2}):([0-9]{2})\",\"\\1h\\2m\\3s\")","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_6":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n|eval ack_duration=if(ack_duration<=3600,\"moins de 60 minutes\",\"plus de 60 minutes\") |stats count by ack_duration","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_7":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Creation_Date=* Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_8":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| search (NOT Acknowledged=true) Cleared=true Severity=\"Critical\" OR Severity=\"Major\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_9":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") NOT Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_10":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_11":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Reseau\" OR Owner=\"CEIP Cyber\" OR Owner=\"CEIP Telephonie\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n| stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),\"duration\")\n| eval moyenne_s=replace(moyenne_s,\"\\+\",\" jour(s) \") \n| eval moyenne_s=replace(moyenne_s,\"([0-9]{2}):([0-9]{2}):([0-9]{2})\",\"\\1h\\2m\\3s\")","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_12":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\" | eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n|eval ack_duration=if(ack_duration<=3600,\"moins de 60 minutes\",\"plus de 60 minutes\") |stats count by ack_duration","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_a8add3Jw_ds_search_3":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") NOT Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_wxhTzjmL":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| search (NOT Acknowledged=true) NOT Cleared=true (Severity=\"Critical\" OR Severity=\"Major\")\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| stats count"},"name":"Search_1"},"ds_6W9VWZxk":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| search (NOT Acknowledged=true) NOT Cleared=true (Severity=\"Critical\" OR Severity=\"Major\")\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\""},"name":"Search_2"},"ds_L31ypjwZ":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000 \n| search Severity=\"Critical\" OR Severity=\"Major\"\n| search Creation_Date=* OR Acknowledged=\"true\"\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\"\n| stats count"},"name":"Search_3"},"ds_SVpoxaY5":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| search Severity=\"Critical\" OR Severity=\"Major\"\n|search Acknowledged=\"true\"\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search (Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") \n|stats count as \"TOTAL\""},"name":"Search_4"},"ds_wXuMrBTE_ds_search_10":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\") Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_bMdfQdt0":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 maxopenevents=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Cyber\" OR Owner=\"CEIP Reseau\" OR Owner=\"CEIP Telephonie\")\n|search (Severity=\"Critical\" OR Severity=\"Major\") Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\""},"name":"Search_5"}},"defaults":{"dataSources":{"ds.search":{"options":{"queryParameters":{}}}}},"inputs":{"input_1":{"type":"input.timerange","title":"Période de temps souhaitée","options":{"token":"tk_time","defaultValue":"-30d@d,now"}}},"layout":{"type":"absolute","options":{"submitButton":false,"display":"auto-scale","height":2476},"structure":[{"item":"viz_cvUx4StX","type":"block","position":{"x":80,"y":70,"w":470,"h":960}},{"item":"viz_00j4Vqdq","type":"block","position":{"x":560,"y":70,"w":470,"h":960}},{"item":"viz_single_6","type":"block","position":{"x":600,"y":130,"w":380,"h":140}},{"item":"viz_single_2","type":"block","position":{"x":120,"y":270,"w":380,"h":140}},{"item":"viz_single_5","type":"block","position":{"x":120,"y":690,"w":380,"h":140}},{"item":"viz_chart_1","type":"block","position":{"x":120,"y":830,"w":380,"h":160}},{"item":"viz_single_7","type":"block","position":{"x":600,"y":270,"w":380,"h":140}},{"item":"viz_single_10","type":"block","position":{"x":600,"y":690,"w":380,"h":140}},{"item":"viz_chart_2","type":"block","position":{"x":600,"y":830,"w":380,"h":160}},{"item":"viz_twDJysq5","type":"block","position":{"x":120,"y":410,"w":380,"h":140}},{"item":"viz_091wpMFC","type":"block","position":{"x":600,"y":410,"w":380,"h":140}},{"item":"viz_a2PJGKz3","type":"block","position":{"x":0,"y":10,"w":1190,"h":50}},{"item":"viz_MXHldmuI","type":"block","position":{"x":150,"y":70,"w":300,"h":50}},{"item":"viz_SfwMnrss","type":"block","position":{"x":660,"y":70,"w":300,"h":50}},{"item":"viz_4Wp4smHi","type":"block","position":{"x":120,"y":130,"w":380,"h":140}},{"item":"viz_potoMHzv","type":"block","position":{"x":120,"y":550,"w":380,"h":140}},{"item":"viz_JXiJfeYz","type":"block","position":{"x":600,"y":550,"w":380,"h":140}}],"globalInputs":["input_1"]},"description":"","title":"Indicateurs-CEIP : Réseaux, Cyber, Téléphonie"}]]></definition>
<assets><![CDATA[{}]]></assets>
</dashboard>
Reference in new issue View Git Blame Copy Permalink