You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
144 lines
6.9 KiB
144 lines
6.9 KiB
<form>
|
|
<label>Mur Image</label>
|
|
<fieldset submitButton="false">
|
|
<input type="time" token="tk_time">
|
|
<label>Période</label>
|
|
<default>
|
|
<earliest>-7d@h</earliest>
|
|
<latest>now</latest>
|
|
</default>
|
|
</input>
|
|
<input type="dropdown" token="tk_contexte">
|
|
<label>Contexte</label>
|
|
<choice value="*">Tous</choice>
|
|
<choice value=""TIH*"">Hydro</choice>
|
|
<choice value=""CNPE*"">Nuc</choice>
|
|
<default>*</default>
|
|
</input>
|
|
</fieldset>
|
|
<row>
|
|
<panel>
|
|
<title>Historique perte PA</title>
|
|
<table>
|
|
<search>
|
|
<query>index="spectrum_tic"
|
|
| transaction id keepevicted=true keeporphans=true
|
|
| lookup spectrum_devices_dynamic.csv IP AS Network_Address OUTPUT Location
|
|
| search Location=$tk_contexte$
|
|
| search (Model_Name="PA2*" OR Model_Name="PIAF*") "Alarm_Title"="*PING KO*"
|
|
| eval begin = strftime(_time,"%Y-%m-%d %H:%M:%S") | eval end = strftime(_time+duration,"%Y-%m-%d %H:%M:%S")
|
|
| eval duree=tostring(duration, "duration")
|
|
| table begin, end, "Model_Name",duration,duree
|
|
| sort -duration | head 5
|
|
| fields begin, end, "Model_Name",duree</query>
|
|
<earliest>$tk_time.earliest$</earliest>
|
|
<latest>$tk_time.latest$</latest>
|
|
</search>
|
|
<option name="drilldown">none</option>
|
|
<option name="refresh.display">progressbar</option>
|
|
</table>
|
|
</panel>
|
|
<panel>
|
|
<title>Equipements Avec/Sans alarmes critiques</title>
|
|
<chart>
|
|
<search>
|
|
<query>index="Spectrum_tic"
|
|
| transaction id keepevicted=true keeporphans=true startswith="Creation_Date" endswith="Cleared" maxopentxn=100000
|
|
| search Severity=Critical Acknowledged=false (NOT Cleared=true)
|
|
| lookup spectrum_devices_dynamic.csv IP AS Network_Address OUTPUT Owner
|
|
| search Owner="CEIP Reseau" Location=$tk_contexte$
|
|
| rex field="Model_Name" "(?<name>.*)_((Fa)|(Gi))?[0-9]/[0-9]+(/[0-9]+)?"
|
|
| eval name = if(isnull(name),Model_Name,name)
|
|
| stats count by name | stats count as "Eqts avec Alarme"
|
|
| appendcols [| inputlookup spectrum_devices_dynamic.csv
|
|
| search Owner="CEIP Reseau" Location=$tk_contexte$
|
|
| stats count as "Nb_eqt_total"]
|
|
| eval "Eqts sans Alarmes" = 'Nb_eqt_total' - 'Eqts avec Alarme'
|
|
| fields "Eqts avec Alarme" "Eqts sans Alarmes" | transpose</query>
|
|
<earliest>-30d@d</earliest>
|
|
<latest>now</latest>
|
|
</search>
|
|
<option name="charting.chart">pie</option>
|
|
<option name="charting.drilldown">none</option>
|
|
<option name="refresh.display">progressbar</option>
|
|
</chart>
|
|
</panel>
|
|
<panel>
|
|
<title>Equipements ayant généré le plus d'alarmes</title>
|
|
<chart>
|
|
<search>
|
|
<query>index=spectrum_tic "Creation_Date"=*
|
|
| transaction id keepevicted=true keeporphans=true
|
|
| lookup spectrum_devices_dynamic.csv IP AS Network_Address OUTPUT Owner Location
|
|
| search Owner="CEIP Reseau" Location=$tk_contexte$
|
|
| rex field=Model_Name "(?<devname>.*)_[0-9](/[0-9])?(/[0-9]{2})?"
|
|
| eval Model_Name = if(isnotnull(devname),devname,Model_Name)
|
|
| stats count as "Nb Alarmes" by "Model_Name","Network_Address"
|
|
| fields Model_Name "Nb Alarmes"
|
|
| sort -"Nb Alarmes" | head 5</query>
|
|
<earliest>$tk_time.earliest$</earliest>
|
|
<latest>$tk_time.latest$</latest>
|
|
</search>
|
|
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
|
|
<option name="charting.chart">column</option>
|
|
<option name="charting.drilldown">none</option>
|
|
<option name="refresh.display">progressbar</option>
|
|
</chart>
|
|
</panel>
|
|
</row>
|
|
<row>
|
|
<panel>
|
|
<title>Alarmes les plus fréquentes</title>
|
|
<table>
|
|
<search>
|
|
<query>index="Spectrum_tic" Creation_Date=* Acknowledged=false Severity=*
|
|
| lookup spectrum_devices_dynamic.csv IP AS Network_Address OUTPUT Owner Location
|
|
| search Owner="CEIP Reseau" Location=$tk_contexte$
|
|
| stats count by Severity,Network_Address,Model_Name,Alarm_Title,Location | sort -count | head 5</query>
|
|
<earliest>$tk_time.earliest$</earliest>
|
|
<latest>$tk_time.latest$</latest>
|
|
</search>
|
|
<option name="drilldown">none</option>
|
|
<option name="refresh.display">progressbar</option>
|
|
<format type="color" field="Severity">
|
|
<colorPalette type="map">{"Critical":#DC4E41,"Major":#F1813F,"Minor":#F8BE34}</colorPalette>
|
|
</format>
|
|
</table>
|
|
</panel>
|
|
</row>
|
|
<row>
|
|
<panel>
|
|
<title>Logs les plus fréquents (4 derniéres heures)</title>
|
|
<table>
|
|
<search>
|
|
<query>host="*"
|
|
| eval network_name=case(index=="eexp","eexp",index=="rth","rth",index=="rth_ge","rth",index=="rth_med","rth",index=="rms","rms",index=="rms_ge","rms",index=="rms_med","rms",index=="rmstel","rmstel",index=="rtdpih","rtdpih",index=="spp","spp")
|
|
| lookup spectrum_devices_dynamic.csv IP AS host OUTPUTNEW Model_type,Hostname,Owner,Location
|
|
| search Model_type="*Cisco*" Location=$tk_contexte$
|
|
| rex "%[A-Z_]+-(?<severity>[0-9])-[A-Z_]+"
|
|
| search severity<=4 AND NOT UPDOWN AND NOT "*RADIUS-4-RADIUS*" AND NOT "*SYS-2-PRIVCFG_ENCRYPT*"
|
|
| eval log = _raw
|
|
| eval log = replace (log,"\([0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+\)","")
|
|
| eval log = replace (log,"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)","<IP>")
|
|
| eval log = replace (log,"[0-9a-fA-F]{4}[\\.:][0-9a-fA-F]{4}[\\.:][0-9a-fA-F]{4}","<Mac>")
|
|
| eval log = replace (log,"(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]{3})?","<Heure>")
|
|
| eval log = replace (log,"((Mon|Tue|Wed|Thu|Fri|Sat|Sun) )?(J[Aa][Nn]|F[Ee][Bb]|M[Aa][Rr]|A[Pp][Rr]|M[Aa][Yy]|J[Uu][Nn]|J[Uu][Ll]|A[Uu][Gg]|S[Ee][Pp]|O[Cc][Tt]|N[Oo][Vv]|D[Ee][Cc]) +(3[01]|[0-2]?[0-9]) ([1-2][0-9]{3})?","<Date>")
|
|
| eval log = replace (log,"[1-2][0-9]{3}-(1[0-2]|0?[0-9])-(3[01]|[0-2]?[0-9])","<Date>")
|
|
| eval log = replace (log,"[Uu][Nn][Ii][Tt][Ee][Pp]\\\\[A-Za-z0-9_]+","<Login>")
|
|
| eval log = replace (log,"[\-A-Z_0-9\.]{4,5}H(\.)?[A-Z0-9]{3}(\.)?RZ[0-9]{2}(\.)?[A-Z]{2}[0-9]{2}(\.rms_step\.dpih\.fr|\.edf\.fr)?","<device name>")
|
|
| eval log = replace (log,"<device name>_[0-9]/[0-9]/[0-9]{1,2}","<device name>_<Interface>")
|
|
| eval log = replace (log,"(Fa(stEthernet)?|Gi(gabitEthernet)?|Te(ngigabitEthernet)?) ?[0-9]+/[0-9]+/?[0-9]*","<Interface>")
|
|
| eval log = replace (log,"logged command:.*","logged command:<Cmd>")
|
|
| eval log = replace (log,"([ ,:;=])[0-9]+([ ,:;])","\1<Num>\2")
|
|
| eval log = replace (log,"([\[\(])[0-9]+([\]\)])","\1<Num>\2")
|
|
| eval log = replace (log," [0-9]+$"," <Num>")
|
|
| top 1 log by host, Hostname, index | fields host Hostname index log count | sort -count | head 5</query>
|
|
<earliest>-4h@m</earliest>
|
|
<latest>now</latest>
|
|
</search>
|
|
<option name="drilldown">none</option>
|
|
<option name="refresh.display">progressbar</option>
|
|
</table>
|
|
</panel>
|
|
</row>
|
|
</form> |