admingit
/
Splunk_deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Splunk_deploy/deployment-apps/CEIP-RESEAU/local/data/ui/views/projet_alex.xml

106 lines
4.4 KiB
Raw Permalink Blame History

<form theme="dark">
<label>Log équipement réseaux LPV</label>
<description>| inputlookup wu_devices_dynamic.csv
| search device_path = *centre* OR device_path = *chassezac* AND device_type_name = *cisco*
| rex field=_raw "%[A-Z0-9]+-(?&lt;severity_level&gt;[0-7])-[A-Z0-9_]+:"
| table device_path, device_type_name, device_ip_address, "%SEC-6-IPACCESSLOGNP"</description>
<fieldset submitButton="false" autoRun="true"></fieldset>
<row>
<panel>
<title>Switch infos critiques Le Puy En Velay</title>
<input type="multiselect" token="multiselect_token" searchWhenChanged="true">
<label>GU</label>
<choice value="chassezac">chassezac</choice>
<choice value="Loire">Loire</choice>
<choice value="Montpezat">Montpezat</choice>
<choice value="clermont">Clermont</choice>
<delimiter> OR </delimiter>
<search>
<query/>
</search>
<valuePrefix>device_path="*</valuePrefix>
<valueSuffix>*"</valueSuffix>
</input>
<input type="multiselect" token="device_type" searchWhenChanged="true">
<label>Type équipement</label>
<choice value="switch">switch</choice>
<choice value="router">router</choice>
<valuePrefix>device_type_name="*</valuePrefix>
<valueSuffix>*"</valueSuffix>
<delimiter> OR </delimiter>
</input>
<input type="multiselect" token="multiselect_marque" searchWhenChanged="true">
<label>Marque</label>
<choice value="Hirschmann">Hirshmann</choice>
<choice value="Cisco">Cisco</choice>
<choice value="*">ALL</choice>
<valuePrefix>device_type_name="*</valuePrefix>
<valueSuffix>*"</valueSuffix>
<delimiter> OR </delimiter>
</input>
<input type="time" token="filter_period">
<label>Période</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="text" token="nom">
<label>nom</label>
<default>*</default>
<prefix>nom="*</prefix>
<suffix>*"</suffix>
<initialValue>*</initialValue>
</input>
<table>
<search>
<query>index="rth" OR index="rth_ge" OR index="rth_med" OR index="rms" OR index="rms_ge" OR index="rms_med"
| lookup wu_devices_dynamic.csv device_ip_address as host
| search $multiselect_token$
| search $device_type$
| search $multiselect_marque$
| rex field=_raw "%[A-Z0-9]+-(?&lt;severity_level&gt;[0-7])-[A-Z0-9_]+:"
| search severity_level = "*1*" OR severity_level = "*2*" OR severity_level = "*3*"
| stats sum(linecount) as nblog, values(device_type_name) as type, values(device_name) as nom,
values(severity_level) as lvlCritique,
values(device_path) as lieu by host
| table lieu, nom, type, host, nblog, lvlCritique</query>
<earliest>$filter_period.earliest$</earliest>
<latest>$filter_period.latest$</latest>
</search>
<option name="drilldown">cell</option>
<option name="refresh.display">preview</option>
<drilldown>
<link target="_blank">search?q=index ="rms" OR index="rth" | lookup wu_devices_dynamic.csv device_ip_address as host | search severity_id = $row.lvlCritique$ AND $row.host$</link>
</drilldown>
</table>
</panel>
<panel>
<title>nombre de log par lieu</title>
<chart>
<title>nombre de log</title>
<search>
<query>index ="rms" OR index="rth" source = udp:514
sourcetype = cisco:ios
| addinfo
| lookup wu_devices_dynamic.csv device_ip_address as host
| search $multiselect_token$
| search $device_type$
| search $multiselect_marque$
| rex field=_raw "%[A-Z0-9]+-(?&lt;severity_level&gt;[0-7])-[A-Z0-9_]+:"
| search severity_level = "*1*" OR severity_level = "*2*" OR severity_level = "*3*" OR severity_level = "*4*" OR severity_level = "*5*" OR severity_level = "*6*"
| stats sum(linecount) as nblog, values(device_type_name) as type, values(device_name) as nom by host
| table nom, type, host, nblog,</query>
<earliest>$filter_period.earliest$</earliest>
<latest>$filter_period.latest$</latest>
<refresh>30s</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">column</option>
<option name="charting.drilldown">all</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
</form>
Reference in new issue View Git Blame Copy Permalink