
<dashboard version="2" theme="light" hiddenElements="{&quot;hideEdit&quot;:false,&quot;hideOpenInSearch&quot;:false,&quot;hideExport&quot;:false}">
<!--
  Splunk dashboard (version="2": the JSON definition is carried in the CDATA of <definition>)
  reporting alarm handling metrics for the owner "CEIP Info".

  Data path shared by every data source in the definition:
    - events are read from index "idx_tic_spectrum";
    - Network_Address is mapped to Owner through the lookup spectrum_devices_dynamic.csv;
    - only Owner="CEIP Info" and Severity Critical or Major are kept.
  Every figure therefore depends on the content of that lookup file.
  NOTE(review): confirm who has write access to the lookup, since an edit there silently
  changes which devices are counted.

  Layout: the left column (x=120) is titled "24h/24-7j/7"; the right column (x=600) is titled "HO"
  and its searches keep only alarms with begin_hour >= 8 and < 17 on week days other than 0 and 6
  (presumably working hours, Monday to Friday; confirm).

  Time range: one input (token tk_time) feeds earliest/latest of every search.
  NOTE(review): the banner text says the metrics are for June 2024, but the input's defaultValue
  is 2024-04-30T22:00:00.000Z to 2024-05-31T22:00:00.000Z; confirm which one is intended.

  NOTE(review): the day and hour arithmetic adds a fixed 7200 s to _time and ack_time and uses
  day*86400+21600 as the start of a working day. This looks like a hard-coded UTC+2 offset;
  if so, results would be shifted by one hour while the source is at UTC+1. Confirm.

  NOTE(review): each of the twelve data sources bound to a visualization runs its own
  "transaction id keepevicted=true keeporphans=true maxopentxn=10000000" over the index.
  A shared base search with ds.chain children would likely reduce search load; verify on the
  search head before changing.

  NOTE(review): some searches filter on Severity before "transaction" and others after it;
  this may group events differently for the same alarm id. Confirm the panels are meant to be
  comparable.

  Data sources not referenced by any visualization in this definition: ds_search_1, ds_search_3,
  ds_search_4, ds_search_9, ds_search_10, ds_a8add3Jw_ds_search_3, ds_YhV0CcUw_ds_search_2,
  ds_XuHtFNhm_ds_search_5.

  Title spelling differs between the two "cleared avant ..." panels: viz_single_2 has
  "acquitement", viz_single_7 has "acquittement".
-->
<label>Indicateurs-CEIP : Info</label>
<description></description>
<definition><![CDATA[{"visualizations":{"viz_single_2":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#0877a6"},"dataSources":{"primary":"ds_search_2"},"title":"Volume total d'alarmes \"cleared avant acquitement\""},"viz_single_5":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#53a051"},"dataSources":{"primary":"ds_search_5"},"showProgressBar":true,"title":"Temps acquittement moyen d'une alarme"},"viz_chart_1":{"type":"splunk.pie","dataSources":{"primary":"ds_search_6"},"title":"Répartition des alarmes acquittées en + ou - 60 minutes","options":{"labelDisplay":"valuesAndPercentage"}},"viz_single_6":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#4fa484"},"dataSources":{"primary":"ds_search_7"},"showProgressBar":true,"title":"Volume total d'alarmes"},"viz_single_7":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#0877a6"},"dataSources":{"primary":"ds_search_8"},"showProgressBar":true,"title":"Volume total d'alarmes \"cleared avant acquittement\""},"viz_single_10":{"type":"splunk.singlevalue","options":{"drilldown":"none","majorColor":"#53a051"},"dataSources":{"primary":"ds_search_11"},"showProgressBar":true,"title":"Temps acquittement moyen d'une alarme"},"viz_chart_2":{"type":"splunk.pie","dataSources":{"primary":"ds_search_12"},"showProgressBar":true,"title":"Répartition des alarmes acquittées en + ou - 60 minutes","options":{"labelDisplay":"valuesAndPercentage"}},"viz_twDJysq5":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_wxhTzjmL"},"title":"Volume total d'alarmes non prises en compte","options":{"majorColor":"#af575a"}},"viz_091wpMFC":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_6W9VWZxk"},"title":"Volume total d'alarmes non prises en compte","options":{"majorColor":"#af575a"}},"viz_a2PJGKz3":{"type":"splunk.markdown","options":{"markdown":"*Ce tableau de bord représente les métriques du mois de Juin 2024 :CEIP Info. 
Tous les contextes présents sur la TIC (Hydraulique, Nucléaire, Thermique) sont pris en compte dans ces métriques. Le contexte PaH n'est pas pris en compte car il se trouve sur un rebond différent (en attente du déploiement du splunk PaH).*"}},"viz_MXHldmuI":{"type":"splunk.markdown","options":{"markdown":"**Alarmes critiques + majeures (24h/24-7j/7)**","fontColor":"#0877a6"}},"viz_cvUx4StX":{"type":"splunk.rectangle","options":{"fillColor":"transparent","strokeColor":"#62b3b2","strokeWidth":5}},"viz_SfwMnrss":{"type":"splunk.markdown","options":{"markdown":"**Alarmes critiques + majeures HO**","fontColor":"#0877a6"}},"viz_00j4Vqdq":{"type":"splunk.rectangle","options":{"fillColor":"transparent","strokeColor":"#4fa484","strokeWidth":5}},"viz_4Wp4smHi":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_L31ypjwZ"},"title":"Volume total d'alarmes","options":{"majorColor":"#4fa484"}},"viz_potoMHzv":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_SVpoxaY5"},"title":"Volume total d'alarmes acquittées","options":{"majorColor":"#dc4e41"}},"viz_MnAJAQDj":{"type":"splunk.singlevalue","dataSources":{"primary":"ds_IQYLuC9z"},"title":"Volume total d'alarmes acquittées","options":{"majorColor":"#dc4e41"}}},"dataSources":{"ds_search_1":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\"\n| dedup id\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| stats count as \"Total number of alarm\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_2":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| search (NOT Acknowledged=true) Cleared=true Severity=\"Critical\" OR Severity=\"Major\"\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| stats 
count","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_3":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Info\") NOT Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_4":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search (Owner=\"CEIP Info\") Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_5":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = 
strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n| stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),\"duration\")\n| eval moyenne_s=replace(moyenne_s,\"\\+\",\" jour(s) \") \n| eval moyenne_s=replace(moyenne_s,\"([0-9]{2}):([0-9]{2}):([0-9]{2})\",\"\\1h\\2m\\3s\")","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_6":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = 
if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n|eval ack_duration=if(ack_duration<=3600,\"moins de 60 minutes\",\"plus de 60 minutes\") |stats count by ack_duration","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_7":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Creation_Date=* Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_8":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| 
search Owner=\"CEIP Info\"\n| search (NOT Acknowledged=true) Cleared=true Severity=\"Critical\" OR Severity=\"Major\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_9":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Info\") NOT Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_10":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" Severity=\"Critical\" OR Severity=\"Major\" \n| 
transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Info\") Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_11":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = 
strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n| stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),\"duration\")\n| eval moyenne_s=replace(moyenne_s,\"\\+\",\" jour(s) \") \n| eval moyenne_s=replace(moyenne_s,\"([0-9]{2}):([0-9]{2}):([0-9]{2})\",\"\\1h\\2m\\3s\")","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_search_12":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") Severity=\"Critical\" OR Severity=\"Major\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" | eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval 
ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n|eval ack_duration=if(ack_duration<=3600,\"moins de 60 minutes\",\"plus de 60 minutes\") |stats count by ack_duration","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_a8add3Jw_ds_search_3":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Info\" ) NOT Acknowledged=\"true\"\n|stats count as \"TOTAL\"","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_wxhTzjmL":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| search (NOT Acknowledged=true) NOT Cleared=true (Severity=\"Critical\" OR Severity=\"Major\")\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| stats count"},"name":"Search_1"},"ds_6W9VWZxk":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup 
spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\"\n| search (NOT Acknowledged=true) NOT Cleared=true (Severity=\"Critical\" OR Severity=\"Major\")\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\""},"name":"Search_2"},"ds_L31ypjwZ":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 \n| search Severity=\"Critical\" OR Severity=\"Major\"\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\"\n| stats count"},"name":"Search_3"},"ds_SVpoxaY5":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| search Severity=\"Critical\" OR Severity=\"Major\"\n|search Acknowledged=\"true\"\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search (Owner=\"CEIP Info\") \n|stats count as \"TOTAL\""},"name":"Search_4"},"ds_YhV0CcUw_ds_search_2":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| search (NOT Acknowledged=true) Cleared=true Severity=\"Critical\" OR Severity=\"Major\"\n| 
lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| stats count","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_XuHtFNhm_ds_search_5":{"type":"ds.search","options":{"query":"index=\"idx_tic_spectrum\" (Creation_Date=* OR Acknowledged=\"true\") | search Severity=\"Critical\" OR Severity=\"Major\"\n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search Owner=\"CEIP Info\" \n| eval ack_time_str = mvindex(Date,0)\n| rex field=ack_time_str \" (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| eval ack_time = strptime(ack_time_str,\"%Y-%m-%d %H:%M:%S\")\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| eval begin_week = floor((begin_day-3)/7)\n| eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400))\n| eval ack_week_day = strftime(ack_day*86400,\"%w\") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) \n| eval ack_week = floor((ack_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n| eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time)\n| eval diffday = ack_day-begin_day\n| eval diffweek = ack_week-begin_week\n| eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800))\n| search ack_duration!=0\n| stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),\"duration\")\n| eval moyenne_s=replace(moyenne_s,\"\\+\",\" jour(s) \") \n| eval 
moyenne_s=replace(moyenne_s,\"([0-9]{2}):([0-9]{2}):([0-9]{2})\",\"\\1h\\2m\\3s\")","queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"}}},"ds_IQYLuC9z":{"type":"ds.search","options":{"queryParameters":{"earliest":"$tk_time.earliest$","latest":"$tk_time.latest$"},"query":"index=\"idx_tic_spectrum\" \n| transaction id keepevicted=true keeporphans=true maxopentxn=10000000\n| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\n| search ( Owner=\"CEIP Info\") \n|search Severity=\"Critical\" OR Severity=\"Major\" Acknowledged=\"true\"\n| rex field=Creation_Date \" (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}\"\n| where begin_hour >= 8 and begin_hour <17\n| eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400))\n| eval begin_week_day = strftime(begin_day*86400,\"%w\") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day))\n| where begin_week_day !=0 and begin_week_day!=6 \n| eval begin_week = floor((begin_day-3)/7)\n| eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time)\n|stats count as \"Nombre d'alarmes\""},"name":"Search_5"}},"defaults":{"dataSources":{"ds.search":{"options":{"queryParameters":{}}}}},"inputs":{"input_1":{"type":"input.timerange","title":"Période de temps 
souhaitée","options":{"token":"tk_time","defaultValue":"2024-04-30T22:00:00.000Z,2024-05-31T22:00:00.000Z"}}},"layout":{"type":"absolute","options":{"submitButton":false,"display":"auto-scale","height":2476},"structure":[{"item":"viz_single_2","type":"block","position":{"x":120,"y":270,"w":380,"h":140}},{"item":"viz_single_5","type":"block","position":{"x":120,"y":690,"w":380,"h":140}},{"item":"viz_chart_1","type":"block","position":{"x":120,"y":830,"w":380,"h":160}},{"item":"viz_single_6","type":"block","position":{"x":600,"y":130,"w":380,"h":140}},{"item":"viz_single_7","type":"block","position":{"x":600,"y":270,"w":380,"h":140}},{"item":"viz_single_10","type":"block","position":{"x":600,"y":690,"w":380,"h":140}},{"item":"viz_chart_2","type":"block","position":{"x":600,"y":830,"w":380,"h":160}},{"item":"viz_twDJysq5","type":"block","position":{"x":120,"y":410,"w":380,"h":140}},{"item":"viz_091wpMFC","type":"block","position":{"x":600,"y":410,"w":380,"h":140}},{"item":"viz_a2PJGKz3","type":"block","position":{"x":0,"y":10,"w":1190,"h":50}},{"item":"viz_MXHldmuI","type":"block","position":{"x":150,"y":70,"w":300,"h":50}},{"item":"viz_cvUx4StX","type":"block","position":{"x":80,"y":110,"w":470,"h":920}},{"item":"viz_SfwMnrss","type":"block","position":{"x":660,"y":70,"w":300,"h":50}},{"item":"viz_00j4Vqdq","type":"block","position":{"x":560,"y":110,"w":470,"h":920}},{"item":"viz_4Wp4smHi","type":"block","position":{"x":120,"y":130,"w":380,"h":140}},{"item":"viz_potoMHzv","type":"block","position":{"x":120,"y":550,"w":380,"h":140}},{"item":"viz_MnAJAQDj","type":"block","position":{"x":600,"y":550,"w":380,"h":140}}],"globalInputs":["input_1"]},"description":"","title":"Indicateurs-CEIP : Info"}]]></definition>
<assets><![CDATA[{}]]></assets>
</dashboard>