From a16f73362234fa2ceba29803ac4e869108b2197d Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Fri, 2 Jul 2021 09:35:04 -0400 Subject: [PATCH 001/266] add individual panels --- salt/grafana/panels/cpu_usage_idle.json.jinja | 212 +++++ .../grafana/panels/cpu_usage_tasks.json.jinja | 741 ++++++++++++++++++ salt/grafana/panels/disk_io.json.jinja | 296 +++++++ salt/grafana/panels/disk_used_nsm.json.jinja | 194 +++++ salt/grafana/panels/disk_used_root.json.jinja | 194 +++++ .../panels/elasticsearch_cpu_usage.json.jinja | 212 +++++ .../elasticsearch_documents_count.json.jinja | 123 +++ ...ticsearch_field_data_cache_size.json.jinja | 184 +++++ .../elasticsearch_store_size.json.jinja | 188 +++++ .../elasticsearch_thread_count.json.jinja | 185 +++++ salt/grafana/panels/estimated_eps.json.jinja | 185 +++++ .../panels/influxdb_cpu_usage.json.jinja | 209 +++++ salt/grafana/panels/influxdb_size.json.jinja | 184 +++++ .../panels/influxdb_traffic.json.jinja | 345 ++++++++ salt/grafana/panels/io_wait.json.jinja | 185 +++++ .../panels/kibana_cpu_usage.json.jinja | 209 +++++ salt/grafana/panels/load_average.json.jinja | 466 +++++++++++ .../panels/logstash_cpu_usage.json.jinja | 209 +++++ .../panels/logstash_traffic.json.jinja | 344 ++++++++ .../panels/management_traffic.json.jinja | 365 +++++++++ salt/grafana/panels/memory.json.jinja | 483 ++++++++++++ salt/grafana/panels/memory_used.json.jinja | 271 +++++++ .../grafana/panels/monitor_traffic.json.jinja | 236 ++++++ .../panels/pcap_packet_loss.json.jinja | 189 +++++ salt/grafana/panels/pcap_retention.json.jinja | 189 +++++ .../panels/processes_states.json.jinja | 374 +++++++++ salt/grafana/panels/proxy_traffic.json.jinja | 344 ++++++++ .../grafana/panels/redis_cpu_usage.json.jinja | 213 +++++ .../panels/redis_memory_usage.json.jinja | 197 +++++ salt/grafana/panels/redis_queue.json.jinja | 185 +++++ .../panels/stenographer_cpu_usage.json.jinja | 213 +++++ .../stenographer_memory_usage.json.jinja | 201 +++++ .../panels/suricata_cpu_usage.json.jinja | 212 +++++ .../panels/suricata_memory_usage.json.jinja 
| 200 +++++ .../panels/suricata_packet_loss.json.jinja | 200 +++++ salt/grafana/panels/system_uptime.json.jinja | 91 +++ salt/grafana/panels/total_threads.json.jinja | 192 +++++ .../panels/zeek_capture_loss.json.jinja | 185 +++++ salt/grafana/panels/zeek_cpu_usage.json.jinja | 212 +++++ .../panels/zeek_memory_usage.json.jinja | 200 +++++ .../panels/zeek_packet_loss.json.jinja | 201 +++++ .../zeek_restarts_healthcheck.json.jinja | 93 +++ 42 files changed, 10111 insertions(+) create mode 100644 salt/grafana/panels/cpu_usage_idle.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks.json.jinja create mode 100644 salt/grafana/panels/disk_io.json.jinja create mode 100644 salt/grafana/panels/disk_used_nsm.json.jinja create mode 100644 salt/grafana/panels/disk_used_root.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_documents_count.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_store_size.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_thread_count.json.jinja create mode 100644 salt/grafana/panels/estimated_eps.json.jinja create mode 100644 salt/grafana/panels/influxdb_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/influxdb_size.json.jinja create mode 100644 salt/grafana/panels/influxdb_traffic.json.jinja create mode 100644 salt/grafana/panels/io_wait.json.jinja create mode 100644 salt/grafana/panels/kibana_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/load_average.json.jinja create mode 100644 salt/grafana/panels/logstash_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/logstash_traffic.json.jinja create mode 100644 salt/grafana/panels/management_traffic.json.jinja create mode 100644 salt/grafana/panels/memory.json.jinja create mode 100644 salt/grafana/panels/memory_used.json.jinja create mode 100644 
salt/grafana/panels/monitor_traffic.json.jinja create mode 100644 salt/grafana/panels/pcap_packet_loss.json.jinja create mode 100644 salt/grafana/panels/pcap_retention.json.jinja create mode 100644 salt/grafana/panels/processes_states.json.jinja create mode 100644 salt/grafana/panels/proxy_traffic.json.jinja create mode 100644 salt/grafana/panels/redis_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/redis_memory_usage.json.jinja create mode 100644 salt/grafana/panels/redis_queue.json.jinja create mode 100644 salt/grafana/panels/stenographer_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/stenographer_memory_usage.json.jinja create mode 100644 salt/grafana/panels/suricata_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/suricata_memory_usage.json.jinja create mode 100644 salt/grafana/panels/suricata_packet_loss.json.jinja create mode 100644 salt/grafana/panels/system_uptime.json.jinja create mode 100644 salt/grafana/panels/total_threads.json.jinja create mode 100644 salt/grafana/panels/zeek_capture_loss.json.jinja create mode 100644 salt/grafana/panels/zeek_cpu_usage.json.jinja create mode 100644 salt/grafana/panels/zeek_memory_usage.json.jinja create mode 100644 salt/grafana/panels/zeek_packet_loss.json.jinja create mode 100644 salt/grafana/panels/zeek_restarts_healthcheck.json.jinja diff --git a/salt/grafana/panels/cpu_usage_idle.json.jinja b/salt/grafana/panels/cpu_usage_idle.json.jinja new file mode 100644 index 000000000..88f246b2c --- /dev/null +++ b/salt/grafana/panels/cpu_usage_idle.json.jinja 
@@ -0,0 +1,212 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "unit": "percent" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + 
"mean_usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - CPU", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/cpu_usage_tasks.json.jinja b/salt/grafana/panels/cpu_usage_tasks.json.jinja new file mode 100644 index 000000000..014e10ee7 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks.json.jinja 
@@ -0,0 +1,741 @@ +{ + "aliasColors": { + "Interrupt": "#70DBED", + "Nice": "#629E51", + "SoftIRQ": "#EA6460", + "System": "#BF1B00", + "User": "#1F78C1", + "Wait": "#F2C96D", + "cpu.mean": "#629E51" + }, + "dashLength": 10, + "datasource": "InfluxDB", + "editable": true, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 4, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 10 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 5, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "System Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", 
+ "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Interrupt Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_irq" + ], + "type": "field" + 
}, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": true, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "System Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": 
"time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_system" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "User Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_user" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Nice Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY 
time($__interval) fill(null)", + "rawQuery": false, + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_nice" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Interrupt Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "J", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_irq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "Wait Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "K", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ 
SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + }, + { + "alias": "SoftIRQ Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "L", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_softirq" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "{{ SERVERNAME }} - CPU Usage", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "Percent(%)", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "error": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/disk_io.json.jinja b/salt/grafana/panels/disk_io.json.jinja new file mode 100644 index 000000000..dde4a55a4 --- /dev/null 
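Review bot: The raw `"query"` strings in cpu_usage_tasks.json.jinja place `{{ SERVERNAME }}` inside an InfluxQL single-quoted literal with no escaping, and targets D, E and F set `"rawQuery": true`, so for those three that text is presumably what the datasource sends rather than the `select`/`tags` fields. Where SERVERNAME is set is not visible in this patch; if it can ever contain a `'`, `"` or `\`, the rendered query or the JSON itself changes meaning or breaks, so it should be constrained to hostname characters at the point it is defined. The Trend targets G–L also carry query text that selects `mean("usage_system")` and the like with no retention policy, while their builder fields use `mean_usage_*` under `so_long_term`, so the two disagree. I would set `"rawQuery": false` on D–F to match A–C and delete the `"query"` entries, leaving `tags` as the single source of the host filter. The same unescaped `{{ SERVERNAME }}` appears in the `tags` values and `title` of every other panel file added here.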
+++ b/salt/grafana/panels/disk_io.json.jinja 
@@ -0,0 +1,296 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 35 + }, + "hiddenSeries": false, + "id": 13, + "legend": { + "avg": false, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Read Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "read_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Write Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "write_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + 
{ + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Read Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_read_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Write Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "diskio", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_write_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [], + "type": "non_negative_difference" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Disk I/O", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + 
"yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/disk_used_nsm.json.jinja b/salt/grafana/panels/disk_used_nsm.json.jinja new file mode 100644 index 000000000..cce953ecb --- /dev/null +++ b/salt/grafana/panels/disk_used_nsm.json.jinja 
@@ -0,0 +1,194 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 4, + "y": 5 + }, + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Used Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME 
}}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Disk Used(/nsm)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/disk_used_root.json.jinja b/salt/grafana/panels/disk_used_root.json.jinja new file mode 100644 index 000000000..c4c76ada3 --- /dev/null +++ b/salt/grafana/panels/disk_used_root.json.jinja 
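Review bot: disk_used_nsm.json.jinja duplicates disk_used_root.json.jinja (the next hunk) line for line except for `"id"` (74 vs 73), `gridPos.x` (4 vs 0), the `path` tag value (`/nsm` vs `/`) and the title suffix. Two 194-line copies will drift as soon as one is edited; a single disk-used template that takes the path, id and x position as Jinja variables, in the way `{{ SERVERNAME }}` is already passed in, would avoid that. How these panel files are included into a dashboard is not part of this patch, so whether the include site can pass those variables needs checking. If the files stay separate, a Jinja comment at the top of each, such as `{# keep in sync with disk_used_root.json.jinja #}`, would at least record the coupling.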
@@ -0,0 +1,194 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 0, + "y": 5 + }, + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Used Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "disk", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME 
}}" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Disk Used(/)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja new file mode 100644 index 000000000..a8a9230f4 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja 
@@ -0,0 +1,212 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 35, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": 
"time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - ES CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_documents_count.json.jinja b/salt/grafana/panels/elasticsearch_documents_count.json.jinja new file mode 100644 index 000000000..91c33396d --- /dev/null +++ b/salt/grafana/panels/elasticsearch_documents_count.json.jinja 
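Review bot: The `math` step `" /{{ CPUS }}"` in both targets of elasticsearch_cpu_usage.json.jinja is spliced verbatim into the InfluxQL select, and nothing in the template guards the value. `CPUS` is set outside this diff, so this is inferred: if it renders empty or as 0, the panel would get an invalid query or a division by zero instead of a graph. A fallback in the template would keep the query well-formed, for example `" /{{ CPUS | default(1, true) }}"`. The same expression appears in the influxdb_cpu_usage.json.jinja and kibana_cpu_usage.json.jinja hunks. `{{ SERVERNAME }}` is likewise placed inside JSON string literals unescaped, so it is worth confirming that the value can never contain `"` or `\`.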
@@ -0,0 +1,123 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 8, + "y": 40 + }, + "id": 33, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": "", + "title": "{{ SERVERNAME }} - ES Documents", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" +} 
diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja new file mode 100644 index 000000000..39ac53c91 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja 
@@ -0,0 +1,184 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 40 + }, + "hiddenSeries": false, + "id": 63, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ 
SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_store_size.json.jinja b/salt/grafana/panels/elasticsearch_store_size.json.jinja new file mode 100644 index 000000000..fc9d8c435 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_store_size.json.jinja 
@@ -0,0 +1,188 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 12, + "y": 40 + }, + "hiddenSeries": false, + "id": 34, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + 
"tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - ES Store Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_thread_count.json.jinja b/salt/grafana/panels/elasticsearch_thread_count.json.jinja new file mode 100644 index 000000000..cae6a4450 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_thread_count.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 40 + }, + "hiddenSeries": false, + "id": 65, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Count Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Count Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + 
"thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - ES Thread Count", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/estimated_eps.json.jinja b/salt/grafana/panels/estimated_eps.json.jinja new file mode 100644 index 000000000..7680f471d --- /dev/null +++ b/salt/grafana/panels/estimated_eps.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "description": "", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 35 + }, + "hiddenSeries": false, + "id": 76, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "EPS Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "EPS Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" 
+ } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Estimated EPS", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "EPS", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/influxdb_cpu_usage.json.jinja new file mode 100644 index 000000000..5c7adff02 --- /dev/null +++ b/salt/grafana/panels/influxdb_cpu_usage.json.jinja 
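Review bot: Both targets in estimated_eps.json.jinja carry `"queryType": "randomWalk"`, although the panel's datasource is `InfluxDB` and no other InfluxDB panel visible in this patch sets that key. It looks like a leftover from the dashboard export rather than something the query needs, so I would drop the line from targets `A` and `B` to keep the template consistent with its siblings. Separately, a short comment in the state that renders this file, saying where the `consumptioneps` measurement is written, would help readers, because this panel does not show its producer.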
@@ -0,0 +1,209 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 8, + "y": 5 + }, + "hiddenSeries": false, + "id": 41, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" 
+ }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/influxdb_size.json.jinja b/salt/grafana/panels/influxdb_size.json.jinja new file mode 100644 index 000000000..6a749245c --- /dev/null +++ b/salt/grafana/panels/influxdb_size.json.jinja 
@@ -0,0 +1,184 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 30 + }, + "hiddenSeries": false, + "id": 69, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + 
"timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - InfluxDB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "deckbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/influxdb_traffic.json.jinja b/salt/grafana/panels/influxdb_traffic.json.jinja new file mode 100644 index 000000000..50002a2a0 --- /dev/null +++ b/salt/grafana/panels/influxdb_traffic.json.jinja 
@@ -0,0 +1,345 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "description": "", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 25 + }, + "hiddenSeries": false, + "id": 49, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Outbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + 
"select": [ + [ + { + "params": [ + "tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ] + } 
+ ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - InfluxDB Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": "Bits/Sec", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/io_wait.json.jinja b/salt/grafana/panels/io_wait.json.jinja new file mode 100644 index 000000000..1c73443a4 --- /dev/null +++ b/salt/grafana/panels/io_wait.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 30 + }, + "hiddenSeries": false, + "id": 53, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Wait Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Wait Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + 
"timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - IO Wait", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/kibana_cpu_usage.json.jinja new file mode 100644 index 000000000..767a0c012 --- /dev/null +++ b/salt/grafana/panels/kibana_cpu_usage.json.jinja 
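Review bot: The first entry of `yaxes` in io_wait.json.jinja uses `"format": "s"`, but the series plotted is `usage_iowait` from the `cpu` measurement. If this comes from Telegraf's cpu input, as the field name suggests, the value is a percentage of CPU time, so the axis would label 12 percent iowait as 12 seconds. The other CPU panels in this patch use `"format": "percent"`, and this one should probably read `"decimals": 2, "format": "percent"` as well.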
@@ -0,0 +1,209 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 43, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "container_name", + "operator": "=", + "value": "so-kibana" + }, + { + "condition": "AND", + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + 
}, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "container_name", + "operator": "=", + "value": "so-kibana" + }, + { + "condition": "AND", + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Kibana CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/load_average.json.jinja b/salt/grafana/panels/load_average.json.jinja new file mode 100644 index 000000000..db2c6f5c9 --- /dev/null +++ b/salt/grafana/panels/load_average.json.jinja 
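Review bot: The math step `" /{{ CPUS }}"` and the `{{ SERVERNAME }}` tag values are rendered verbatim into the panel, with no coercion or escaping in the template. A missing or non-numeric `CPUS` would presumably produce an invalid InfluxQL expression, and a `SERVERNAME` containing `"` or `\` would break the JSON document. The render context is built outside this hunk, so the values may already be validated there. Coercing at the point of use, e.g. `" /{{ CPUS | int(1) }}"` (falls back to 1 when the value cannot be converted), and checking the host name where the context is assembled would make the assumption explicit. logstash_cpu_usage.json.jinja has the same math step, and the `query` strings in management_traffic.json.jinja and memory.json.jinja place template values inside single-quoted InfluxQL literals.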
@@ -0,0 +1,466 @@ +{ + "aliasColors": { + "#cpu": "green", + "1 Minute Average": "#EAB839", + "15 Minute Average": "#BF1B00", + "5 Minute Average": "#E0752D" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 15 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + }, + { + "alias": "#cpu Current", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "#cpu Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ 
+ [ + { + "params": [ + "load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "#cpu Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_n_cpus" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "1 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], 
+ "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load1" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "5 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load5" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "15 Minute Average Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "system", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_load15" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Load Average", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/logstash_cpu_usage.json.jinja new file mode 100644 index 000000000..e0cb24f78 --- /dev/null +++ b/salt/grafana/panels/logstash_cpu_usage.json.jinja 
@@ -0,0 +1,209 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 12, + "y": 5 + }, + "hiddenSeries": false, + "id": 45, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" 
+ }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Logstash CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/logstash_traffic.json.jinja b/salt/grafana/panels/logstash_traffic.json.jinja new file mode 100644 index 000000000..61c2900ea --- /dev/null +++ b/salt/grafana/panels/logstash_traffic.json.jinja 
@@ -0,0 +1,344 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 20 + }, + "hiddenSeries": false, + "id": 47, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { 
+ "params": [ + "tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ] + } + ], + "thresholds": 
[], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Logstash Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": "Bits/Sec", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/management_traffic.json.jinja b/salt/grafana/panels/management_traffic.json.jinja new file mode 100644 index 000000000..4cc23903b --- /dev/null +++ b/salt/grafana/panels/management_traffic.json.jinja 
@@ -0,0 +1,365 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "super-light-blue" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 10 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", 
+ "operator": "=", + "value": "{{ MANINT }}" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MANINT }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Management Traffic", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": "Bits/Sec", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/memory.json.jinja b/salt/grafana/panels/memory.json.jinja new file mode 100644 index 000000000..1daf4aba5 --- /dev/null +++ b/salt/grafana/panels/memory.json.jinja 
@@ -0,0 +1,483 @@ +{ + "aliasColors": { + "Buffered": "#6ED0E0", + "Cached": "#F9934E", + "Free": "#629E51", + "Used": "#58140C" + }, + "dashLength": 10, + "datasource": "InfluxDB", + "editable": true, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 6, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 40 + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 5, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": true, + "targets": [ + { + "alias": "Used Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Buffered Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP 
BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "buffered" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Cached Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "cached" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Free Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "free" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": 
"SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Buffered Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_buffered" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Cached Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_cached" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Free Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { 
+ "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_free" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "{{ SERVERNAME }} - Memory", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": "Bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "decimals": null, + "error": false, + "fillGradient": 0, + "hiddenSeries": false, + "linewidth": 0, + "percentage": false, + "points": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/memory_used.json.jinja b/salt/grafana/panels/memory_used.json.jinja new file mode 100644 index 000000000..5d8902db8 --- /dev/null +++ b/salt/grafana/panels/memory_used.json.jinja 
@@ -0,0 +1,271 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 45 + }, + "hiddenSeries": false, + "id": 67, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Total Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Total Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + 
"type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Used Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_used" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Memory(Used)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/monitor_traffic.json.jinja b/salt/grafana/panels/monitor_traffic.json.jinja new file mode 100644 index 000000000..c28615bf0 --- /dev/null +++ b/salt/grafana/panels/monitor_traffic.json.jinja 
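Review bot: `{{ SERVERNAME }}` is substituted unescaped into JSON string values throughout memory_used.json.jinja (every `tags[].value` and the `title`), so a value containing `"` or `\` would render an invalid panel or change its structure. How SERVERNAME is constrained is not visible in this patch. If it is not already limited to hostname characters, I would emit it through a JSON-encoding filter, e.g. `"value": {{ SERVERNAME | tojson }}`, and build the title string the same way. The same interpolation recurs in the monitor_traffic, pcap_packet_loss, pcap_retention, processes_states, proxy_traffic and redis_* panels that follow.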
@@ -0,0 +1,236 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "light-orange" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 15 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MONINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"interface", + "operator": "=", + "value": "{{ MONINT }}" + } + ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MONINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "{{ MONINT }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Monitor Traffic", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": "Bits/Sec", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/pcap_packet_loss.json.jinja b/salt/grafana/panels/pcap_packet_loss.json.jinja new file mode 100644 index 000000000..58ae81220 --- /dev/null +++ b/salt/grafana/panels/pcap_packet_loss.json.jinja 
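Review bot: Both targets in monitor_traffic.json.jinja carry a leftover `query` string that filters on the literal host `'JumpHost'` and groups by `$interval`, while the builder fields beside it filter on `{{ SERVERNAME }}` and use `$__interval`. With `"rawQuery": false` the string is presumably ignored, but switching either target to raw mode in the editor would chart a different host (or nothing) under this sensor's title, which is an easy blind spot on a monitoring dashboard. The `Inbound Trend` string also reads `bytes_recv` rather than `mean_bytes_recv` and names no `so_long_term` policy. I would drop the `query` keys or regenerate them so the host clause reads `'{{ SERVERNAME }}'`. The `Usage Trend` target in redis_cpu_usage.json.jinja has the same stale field and policy mismatch.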
@@ -0,0 +1,189 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 0 + }, + "hiddenSeries": false, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": 
"{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - PCAP Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/pcap_retention.json.jinja b/salt/grafana/panels/pcap_retention.json.jinja new file mode 100644 index 000000000..7800f99df --- /dev/null +++ b/salt/grafana/panels/pcap_retention.json.jinja 
@@ -0,0 +1,189 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "unit": "s" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 15 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Oldest Pcap Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Oldest Pcap Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": 
"=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - PCAP Retention", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "s", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/processes_states.json.jinja b/salt/grafana/panels/processes_states.json.jinja new file mode 100644 index 000000000..274d86d89 --- /dev/null +++ b/salt/grafana/panels/processes_states.json.jinja 
@@ -0,0 +1,374 @@ +{ + "aliasColors": { + "Blocked": "#BF1B00", + "Running": "#7EB26D" + }, + "dashLength": 10, + "datasource": "InfluxDB", + "editable": true, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 7, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 20 + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 5, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": true, + "targets": [ + { + "alias": "Blocked Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Running Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "running" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Sleep Current", + "dsType": 
"influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "sleeping" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Blocked Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Running Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_running" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Sleep Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + 
"mean_sleeping" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "{{ SERVERNAME }} - Processes", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "error": false, + "fillGradient": 0, + "hiddenSeries": false, + "linewidth": 0, + "percentage": false, + "points": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/proxy_traffic.json.jinja b/salt/grafana/panels/proxy_traffic.json.jinja new file mode 100644 index 000000000..a962d4d02 --- /dev/null +++ b/salt/grafana/panels/proxy_traffic.json.jinja 
@@ -0,0 +1,344 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 30 + }, + "hiddenSeries": false, + "id": 51, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Outbound Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + 
{ + "params": [ + "tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Inbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_rx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + }, + { + "alias": "Outbound Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_tx_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-aptcacherng" + } + ] + } + ], + 
"thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Proxy Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "label": "Bits/Sec", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/redis_cpu_usage.json.jinja new file mode 100644 index 000000000..779251d4d --- /dev/null +++ b/salt/grafana/panels/redis_cpu_usage.json.jinja 
@@ -0,0 +1,213 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 35 + }, + "hiddenSeries": false, + "id": 59, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "/{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + 
"hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "/{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Redis CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/redis_memory_usage.json.jinja b/salt/grafana/panels/redis_memory_usage.json.jinja new file mode 100644 index 000000000..c7ec96754 --- /dev/null +++ b/salt/grafana/panels/redis_memory_usage.json.jinja 
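Review bot: The math step `"/{{ CPUS }}"` in both targets (and in the two stored `query` strings) divides by a template value with no guard, so an undefined, empty or zero `CPUS` would render either a bare `/` or a division by zero and the panel would fail instead of showing data. Where CPUS is set is outside this patch, so this may already be guaranteed by the caller. If it is not, a fallback such as `"/{{ CPUS | default(1, true) }}"` keeps the expression well-formed.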
@@ -0,0 +1,197 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 35 + }, + "hiddenSeries": false, + "id": 61, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + }, + { + "alias": "Usage Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": 
"host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Redis Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/redis_queue.json.jinja b/salt/grafana/panels/redis_queue.json.jinja new file mode 100644 index 000000000..723fdf887 --- /dev/null +++ b/salt/grafana/panels/redis_queue.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "description": "", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 30 + }, + "hiddenSeries": false, + "id": 55, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Queue Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Queue Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": 
[], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Redis Queue", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/stenographer_cpu_usage.json.jinja new file mode 100644 index 000000000..ba718b48e --- /dev/null +++ b/salt/grafana/panels/stenographer_cpu_usage.json.jinja 
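Review bot: `{{ SERVERNAME }}` is interpolated raw into JSON string values, both in the `host` tag (`"value": "{{ SERVERNAME }}"`) and in `"title"`, so a value containing a double quote or backslash would produce invalid JSON or alter the panel's structure. The same pattern is in the other panel templates in this part of the diff (redis_memory_usage, the stenographer, suricata and zeek panels, system_uptime, total_threads). Where SERVERNAME is set is not visible here. Unless it is strictly validated as a hostname upstream, emit it through a JSON-encoding filter, e.g. `"value": {{ SERVERNAME | tojson }}` and `"title": {{ (SERVERNAME ~ " - Redis Queue") | tojson }}`. The tag value presumably also ends up in the InfluxQL WHERE clause that Grafana builds, which is a second reason to constrain it.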
@@ -0,0 +1,213 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 5 + }, + "id": 28, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + 
} + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "{{ SERVERNAME }} - Steno CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "cacheTimeout": null, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/stenographer_memory_usage.json.jinja b/salt/grafana/panels/stenographer_memory_usage.json.jinja new file mode 100644 index 000000000..195fc06e7 --- /dev/null +++ b/salt/grafana/panels/stenographer_memory_usage.json.jinja 
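Review bot: The math step `" /{{ CPUS }}"` in both targets would render to a bare ` /` if CPUS is undefined and to a division by zero if it is 0; neither gives a meaningful percentage, and the panel would give no hint why. The same expression is used in suricata_cpu_usage and zeek_cpu_usage. CPUS is set outside this diff, so this is only a risk if the rendering state can pass it unset or as zero. A guard such as `" / {{ [CPUS | int(1), 1] | max }}"` keeps the query valid. A short Jinja comment at the top of the template naming the variables it expects, e.g. `{# expects SERVERNAME and CPUS from the calling state #}`, would also help.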
@@ -0,0 +1,201 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 10 + }, + "id": 25, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": 
"container_name", + "operator": "=", + "value": "so-steno" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "{{ SERVERNAME }} - Steno Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "cacheTimeout": null, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/suricata_cpu_usage.json.jinja new file mode 100644 index 000000000..ed6fb881e --- /dev/null +++ b/salt/grafana/panels/suricata_cpu_usage.json.jinja 
@@ -0,0 +1,212 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 5 + }, + "hiddenSeries": false, + "id": 27, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": 
"time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Suri CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/suricata_memory_usage.json.jinja b/salt/grafana/panels/suricata_memory_usage.json.jinja new file mode 100644 index 000000000..90d2bf038 --- /dev/null +++ b/salt/grafana/panels/suricata_memory_usage.json.jinja 
@@ -0,0 +1,200 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 10 + }, + "hiddenSeries": false, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + 
"type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Suri Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/suricata_packet_loss.json.jinja b/salt/grafana/panels/suricata_packet_loss.json.jinja new file mode 100644 index 000000000..d8391424b --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss.json.jinja 
@@ -0,0 +1,200 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ 
+ "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Suricata Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja new file mode 100644 index 000000000..971768aa6 --- /dev/null +++ b/salt/grafana/panels/system_uptime.json.jinja 
@@ -0,0 +1,91 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 255, 255)", + "value": null + } + ] + }, + "mappings": [], + "decimals": 2, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 39, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "uptime" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "{{ SERVERNAME }} - System Uptime", + "type": "stat" +} diff --git a/salt/grafana/panels/total_threads.json.jinja b/salt/grafana/panels/total_threads.json.jinja new file mode 100644 index 000000000..f06fa4de5 --- /dev/null +++ b/salt/grafana/panels/total_threads.json.jinja 
@@ -0,0 +1,192 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 25 + }, + "hiddenSeries": false, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Threads Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Threads Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "processes", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + 
] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Total Threads", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_capture_loss.json.jinja b/salt/grafana/panels/zeek_capture_loss.json.jinja new file mode 100644 index 000000000..2840163bf --- /dev/null +++ b/salt/grafana/panels/zeek_capture_loss.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 25 + }, + "hiddenSeries": false, + "id": 71, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": true, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, 
+ "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Zeek Capture Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/zeek_cpu_usage.json.jinja new file mode 100644 index 000000000..29fe89244 --- /dev/null +++ b/salt/grafana/panels/zeek_cpu_usage.json.jinja 
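Review bot: The `Loss Trend` target is added with `"hide": true`, while the other panels in this part of the diff set `"hide": false` on their trend target, and this panel alone sets `"points": true`. With the target hidden, the `/Trend/` series override has nothing to apply to and the so_long_term capture-loss trend is not drawn. If that is intentional, a Jinja comment such as `{# trend hidden on purpose: <reason> #}` next to the target would record why. Otherwise set `"hide": false` to match the sibling panels.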
@@ -0,0 +1,212 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 20 + }, + "hiddenSeries": false, + "id": 26, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_cpu", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": 
"time_series", + "select": [ + [ + { + "params": [ + "mean_usage_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + " /{{ CPUS }}" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Zeek CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_memory_usage.json.jinja b/salt/grafana/panels/zeek_memory_usage.json.jinja new file mode 100644 index 000000000..6e890f7b1 --- /dev/null +++ b/salt/grafana/panels/zeek_memory_usage.json.jinja 
@@ -0,0 +1,200 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 20 + }, + "hiddenSeries": false, + "id": 23, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Usage Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + }, + { + "alias": "Usage Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "docker_container_mem", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_usage" + ], + "type": 
"field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Zeek Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_packet_loss.json.jinja b/salt/grafana/panels/zeek_packet_loss.json.jinja new file mode 100644 index 000000000..a91872f8f --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss.json.jinja 
@@ -0,0 +1,201 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 25 + }, + "hiddenSeries": false, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ 
+ "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "{{ SERVERNAME }} - Zeek Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja b/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja new file mode 100644 index 000000000..881827b11 --- /dev/null +++ b/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja 
@@ -0,0 +1,93 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 15 + }, + "id": 37, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "sum" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "healthcheck", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "zeek_restart" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "{{ SERVERNAME }}" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Zeek Restarts via Healthcheck", + "type": "stat" +} From 98505a9a3fec2b109b2d2832227bbf98558125f5 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 6 Jul 2021 10:08:36 -0400 Subject: [PATCH 002/266] beginning of managing individual panels in grafana --- .../standalone/common_standalone.json.jinja | 152 +++++ salt/grafana/dashboards/template.json | 130 ++++ salt/grafana/defaults.yaml | 20 +- salt/grafana/init.sls | 125 +--- salt/grafana/panels/cpu_docker_combined.json | 594 ++++++++++++++++++ ...ge_idle.json.jinja => cpu_usage_idle.json} | 6 +- 6 files changed, 904 insertions(+), 123 deletions(-) create mode 100644 salt/grafana/dashboards/standalone/common_standalone.json.jinja create mode 100644 salt/grafana/dashboards/template.json create mode 100644 salt/grafana/panels/cpu_docker_combined.json rename salt/grafana/panels/{cpu_usage_idle.json.jinja => cpu_usage_idle.json} (97%) diff --git a/salt/grafana/dashboards/standalone/common_standalone.json.jinja b/salt/grafana/dashboards/standalone/common_standalone.json.jinja new file mode 100644 index 000000000..d43fd857b --- /dev/null +++ b/salt/grafana/dashboards/standalone/common_standalone.json.jinja 
@@ -0,0 +1,152 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "This Dashboard provides a general overview of Standalone Mode", + "editable": true, + "gnetId": 2381, + "graphTooltip": 0, + "id": 6, + "iteration": 1625018989654, + "links": [], + "panels": [ + +{% for panel in PANELS -%} + {%- import_json "grafana/panels/" ~ panel ~ ".json" as panel %} +{{ panel }}, +{%- endfor %} + + ], + "refresh": "30s", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "auto": true, + "auto_count": 30, + "auto_min": "10s", + "current": { + "selected": false, + "text": "10s", + "value": "10s" + }, + "description": null, + "error": null, + "hide": 0, + "label": null, + "name": "Interval", + "options": [ + { + "selected": false, + "text": "auto", + "value": "$__auto_interval_Interval" + }, + { + "selected": true, + "text": "10s", + "value": "10s" + }, + { + "selected": false, + "text": "1m", + "value": "1m" + }, + { + "selected": false, + "text": "10m", + "value": "10m" + }, + { + "selected": false, + "text": "30m", + "value": "30m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + }, + { + "selected": false, + "text": "6h", + "value": "6h" + }, + { + "selected": false, + "text": "12h", + "value": "12h" + }, + { + "selected": false, + "text": "1d", + "value": "1d" + }, + { + "selected": false, + "text": "7d", + "value": "7d" + }, + { + "selected": false, + "text": "14d", + "value": "14d" + }, + { + "selected": false, + "text": "30d", + "value": "30d" + } + ], + "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", + "refresh": 3, + "skipUrlSync": false, + "type": "interval" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + 
"30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Standalone Mode - {{ SERVERNAME }} Overview", + "uid": "{{ UID }}", + "version": 17 +} diff --git a/salt/grafana/dashboards/template.json b/salt/grafana/dashboards/template.json new file mode 100644 index 000000000..f1ec5d8ff --- /dev/null +++ b/salt/grafana/dashboards/template.json 
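Review bot: The `import_json` line inside the `"panels"` loop builds its path from each key of `PANELS` without checking the key's shape, so nothing restricts the import to files under `grafana/panels/`. `PANELS` is filled from `GRAFANA_SETTINGS.dashboards.standalone.panels` in init.sls; if that mapping can be overridden from pillar (not visible here), a guard such as `{%- if panel | regex_match('^([a-z0-9_]+)$') %}` around the import would keep a key containing `/` or `..` from selecting another template. The same path construction is kept in the later "comma control" change to this file. Separately, `{{ SERVERNAME }}` and `{{ UID }}` are placed inside JSON strings unescaped, so a value containing a quote or backslash would yield an invalid dashboard file.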
@@ -0,0 +1,130 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "MY DASHBOARD DESCRIPTION", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 7, + "iteration": 1625251118337, + "links": [], + "panels": [], + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "mynode1", + "value": "mynode1" + }, + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "query0", + "options": [ + { + "selected": true, + "text": "mynode1", + "value": "mynode1" + }, + { + "selected": false, + "text": "mynode2", + "value": "mynode2" + }, + { + "selected": false, + "text": "mynode3", + "value": "mynode3" + } + ], + "query": "mynode1,mynode2,mynode3", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": true, + "text": "{{ MANINT }}", + "value": "{{ MANINT }}" + }, + "description": null, + "error": null, + "hide": 0, + "label": "Management Interface", + "name": "manint", + "options": [ + { + "selected": true, + "text": "{{ MANINT }}", + "value": "{{ MANINT }}" + } + ], + "query": "{{ MANINT }}", + "skipUrlSync": false, + "type": "textbox" + }, + { + "current": { + "selected": true, + "text": "{{ MONINT }}", + "value": "{{ MONINT }}" + }, + "description": null, + "error": null, + "hide": 2, + "label": "Monitor Interface", + "name": "monint", + "options": [ + { + "selected": true, + "text": "{{ MONINT }}", + "value": "{{ MONINT }}" + } + ], + "query": "{{ MONINT }}", + "skipUrlSync": false, + "type": "textbox" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + 
"2h", + "1d" + ] + }, + "timezone": "browser", + "title": "MY DASHBOARD NAME", + "uid": "IQqwsPznk", + "version": 3 + } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 171f679e3..c9c91a626 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -23,4 +23,22 @@ grafana: # config_file: /etc/grafana/config/files/ldap.toml # allow_sign_up: true # enterprise: -# license_path: /opt/so/conf/grafana/etc/files/license.jwt \ No newline at end of file +# license_path: /opt/so/conf/grafana/etc/files/license.jwt + dashboards: + standalone: + panels: + cpu_usage_idle: + enabled: true + trend: true + gridPos: + h: 10 + w: 20 + x: 0 + y: 0 +# cpu_usage_tasks: {} +# disk_io: {} +# disk_used_root: {} +# disk_used_nsm: {} +# elasticsearch_cpu_usage: {} +# elasticsearch_documents_count: {} +# elasticsearch_field_data_cache_size: {} diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index b6e20bb9d..075521134 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
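Review bot: The `enabled`, `trend` and `gridPos` keys added under `cpu_usage_idle` are not read by anything in this commit, because `common_standalone.json.jinja` loops over the panel names only and imports each panel file as it is. As written, setting `enabled: false` would still render the panel, and the `gridPos` given here would not replace the one stored in the panel file. Until the template consumes them, a comment such as `# enabled/trend/gridPos are placeholders; the dashboard template does not read them yet` would keep operators from relying on them.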
@@ -115,141 +115,28 @@ grafana-config-files: - source: salt://grafana/etc/files - makedirs: True - -{% if salt['pillar.get']('managertab', False) %} -{% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-manager: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Manager.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/manager/manager.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('managersearchtab', False) %} -{% for SN, SNDATA in salt['pillar.get']('managersearchtab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-managersearch: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-ManagerSearch.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/managersearch/managersearch.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - {% if salt['pillar.get']('standalonetab', False) %} {% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %} {% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-standalone: +{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} +common--standalone-dashboard: file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/standalone/{{ SN }}-Standalone.json + - name: /opt/so/conf/grafana/grafana_dashboards/standalone/common_standalone.json - user: 939 - group: 939 - template: jinja - - source: 
salt://grafana/dashboards/standalone/standalone.json + - source: salt://grafana/dashboards/standalone/common_standalone.json.jinja - defaults: SERVERNAME: {{ SN }} MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} CPUS: {{ SNDATA.totalcpus }} UID: so_overview ROOTFS: {{ SNDATA.rootfs }} NSMFS: {{ SNDATA.nsmfs }} - + PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} {% endfor %} {% endif %} -{% if salt['pillar.get']('sensorstab', False) %} -{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/sensor_nodes/sensor.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('nodestab', False) %} -{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboardsearch-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/search_nodes/searchnode.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('evaltab', False) %} -{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - 
file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/eval/eval.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} so-grafana: docker_container.running: @@ -283,4 +170,4 @@ append_so-grafana_so-status.conf: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/grafana/panels/cpu_docker_combined.json b/salt/grafana/panels/cpu_docker_combined.json new file mode 100644 index 000000000..4f804d38d --- /dev/null +++ b/salt/grafana/panels/cpu_docker_combined.json 
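Review bot: `PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}}` in the new `defaults` block writes the Python repr of the mapping into the rendered YAML, which only round-trips while every key and value happens to be YAML-safe; `PANELS: {{ GRAFANA_SETTINGS.dashboards.standalone.panels | json }}` makes the hand-off explicit. `GRAFANA_SETTINGS` is defined outside this hunk. Also, the state ID `common--standalone-dashboard` and the target `common_standalone.json` are both constant inside the `for SN, SNDATA` loop, so a second `standalonetab` entry would produce a duplicate state ID (as the old `dashboard-standalone` did) and now the same output path as well, where the removed code wrote `{{ SN }}-Standalone.json`.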
@@ -0,0 +1,594 @@ +{ + "type": "graph", + "title": "Panel Title", + "gridPos": { + "x": 0, + "y": 0, + "w": 24, + "h": 14 + }, + "id": 78, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " /8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "query": "SELECT mean(\"usage_percent\") /8 FROM \"docker_container_cpu\" WHERE (\"host\" = 'jppce2360sa-influx-scripts' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "hide": false, + "alias": "elasticsearch" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-filebeat" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " /8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "filebeat" + }, + { + "refId": "C", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": 
"host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " /8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "influxdb" + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " /8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "logstash" + }, + { + "refId": "E", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "/8" + ] + } + ] + ], + "alias": "zeek", + "measurement": "docker_container_cpu" + }, + { + "refId": "F", + "hide": 
false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "/8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "suricata" + }, + { + "refId": "G", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "/8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "steno" + }, + { + "refId": "H", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-kibana" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "/8" + ] + } + ] 
+ ], + "measurement": "docker_container_cpu", + "alias": "kibana" + }, + { + "refId": "I", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "jppce2360sa-influx-scripts" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "/8" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "redis" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": 
null +} diff --git a/salt/grafana/panels/cpu_usage_idle.json.jinja b/salt/grafana/panels/cpu_usage_idle.json similarity index 97% rename from salt/grafana/panels/cpu_usage_idle.json.jinja rename to salt/grafana/panels/cpu_usage_idle.json index 88f246b2c..c837ab1f3 100644 --- a/salt/grafana/panels/cpu_usage_idle.json.jinja +++ b/salt/grafana/panels/cpu_usage_idle.json @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": " SERVERNAME " }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": " SERVERNAME " }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", + "title": " SERVERNAME - CPU", "tooltip": { "shared": true, "sort": 0, From a5067718d2456ac62057a507e2c003b1ee12f50f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 11:06:35 -0400 Subject: [PATCH 003/266] comma control --- .../standalone/common_standalone.json.jinja | 9 +++++---- salt/grafana/defaults.yaml | 14 +++++++------- salt/grafana/init.sls | 2 +- ...ombined.json => cpu_docker_combined.json.jinja} | 0 ...u_usage_idle.json => cpu_usage_idle.json.jinja} | 6 +++--- 5 files changed, 16 insertions(+), 15 deletions(-) rename salt/grafana/panels/{cpu_docker_combined.json => cpu_docker_combined.json.jinja} (100%) rename salt/grafana/panels/{cpu_usage_idle.json => cpu_usage_idle.json.jinja} (97%) diff --git a/salt/grafana/dashboards/standalone/common_standalone.json.jinja b/salt/grafana/dashboards/standalone/common_standalone.json.jinja index d43fd857b..668eca22b 100644 --- a/salt/grafana/dashboards/standalone/common_standalone.json.jinja +++ b/salt/grafana/dashboards/standalone/common_standalone.json.jinja 
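Review bot: Every target in this panel filters on the literal host `jppce2360sa-influx-scripts` (also inside the raw `query` of target A), which looks like a name from the author's own environment rather than a template value. That publishes an internal hostname in the repository and leaves the panel empty on any other node; the other panels in this series use `"value": "{{ SERVERNAME }}"`. The `/8` math step likewise hard-codes a CPU count although init.sls already passes `CPUS`, target F selects the field `value` while all the other targets select `usage_percent`, and the title is still `Panel Title`.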
@@ -22,9 +22,10 @@ "panels": [ {% for panel in PANELS -%} - {%- import_json "grafana/panels/" ~ panel ~ ".json" as panel %} -{{ panel }}, -{%- endfor %} + {%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %} +{{ panel | json }} {%- if not loop.last %},{% endif %} + +{% endfor -%} ], "refresh": "30s", @@ -146,7 +147,7 @@ ] }, "timezone": "browser", - "title": "Standalone Mode - {{ SERVERNAME }} Overview", + "title": "Standalone - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", "version": 17 } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index c9c91a626..a384e490a 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -35,10 +35,10 @@ grafana: w: 20 x: 0 y: 0 -# cpu_usage_tasks: {} -# disk_io: {} -# disk_used_root: {} -# disk_used_nsm: {} -# elasticsearch_cpu_usage: {} -# elasticsearch_documents_count: {} -# elasticsearch_field_data_cache_size: {} + cpu_usage_tasks: {} + disk_io: {} + disk_used_root: {} + disk_used_nsm: {} + elasticsearch_cpu_usage: {} + elasticsearch_documents_count: {} + elasticsearch_field_data_cache_size: {} diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 075521134..655df4bc6 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -119,7 +119,7 @@ grafana-config-files: {% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %} {% set NODETYPE = SN.split('_')|last %} {% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -common--standalone-dashboard: +common-standalone-dashboard: file.managed: - name: /opt/so/conf/grafana/grafana_dashboards/standalone/common_standalone.json - user: 939 diff --git a/salt/grafana/panels/cpu_docker_combined.json b/salt/grafana/panels/cpu_docker_combined.json.jinja similarity index 100% rename from salt/grafana/panels/cpu_docker_combined.json rename to salt/grafana/panels/cpu_docker_combined.json.jinja 
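Review bot: In the rewritten loop the `import_json ... as panel` alias reuses the loop variable's name, so after the import `panel` no longer holds the panel name but the parsed document; a distinct alias such as `as panel_body` with `{{ panel_body | json }}` reads more clearly. It is also worth confirming that the imported `.json.jinja` files can see `SERVERNAME`: Jinja imports do not receive the caller's variables unless `with context` is added, so without it the `{{ SERVERNAME }}` placeholders restored in `cpu_usage_idle.json.jinja` may render empty and the host filter would match nothing.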
diff --git a/salt/grafana/panels/cpu_usage_idle.json b/salt/grafana/panels/cpu_usage_idle.json.jinja similarity index 97% rename from salt/grafana/panels/cpu_usage_idle.json rename to salt/grafana/panels/cpu_usage_idle.json.jinja index c837ab1f3..e83dee734 100644 --- a/salt/grafana/panels/cpu_usage_idle.json +++ b/salt/grafana/panels/cpu_usage_idle.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": " SERVERNAME " + "value": "{{ SERVERNAME }}" }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": " SERVERNAME " + "value": "{{ SERVERNAME }}" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": " SERVERNAME - CPU", + "title": "{{ SERVERNAME }} - CPU", "tooltip": { "shared": true, "sort": 0, From dc1363aaf5850dca402ec528d7b90a8423b3a72e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 13:06:03 -0400 Subject: [PATCH 004/266] create file for telegraf to read node config details --- .../dashboards/standalone/common_standalone.json.jinja | 4 +--- salt/telegraf/init.sls | 8 ++++++++ salt/telegraf/node_tab.json.jinja | 6 ++++++ 3 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 salt/telegraf/node_tab.json.jinja diff --git a/salt/grafana/dashboards/standalone/common_standalone.json.jinja b/salt/grafana/dashboards/standalone/common_standalone.json.jinja index 668eca22b..1d331e801 100644 --- a/salt/grafana/dashboards/standalone/common_standalone.json.jinja +++ b/salt/grafana/dashboards/standalone/common_standalone.json.jinja @@ -20,11 +20,9 @@ "iteration": 1625018989654, "links": [], "panels": [ - {% for panel in PANELS -%} {%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %} -{{ panel | json }} {%- if not loop.last %},{% endif %} - +{{ panel | json }} {% if not loop.last %},{% endif %} {% endfor -%} ], diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 14373fe9d..f057f2dfd 100644 
--- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -42,6 +42,14 @@ tgrafconf: - template: jinja - source: salt://telegraf/etc/telegraf.conf +#this file will be read by telegraf to send node details(management interface, monitor interface, etc) +# into influx so that grafan can build dashboards using queries +node_tab: + file.managed: + - name: /opt/so/conf/telegraf/node_tab.json + - source: salt://telegraf/node_tab.json.jinja + - template: jinja + so-telegraf: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-telegraf:{{ VERSION }} diff --git a/salt/telegraf/node_tab.json.jinja b/salt/telegraf/node_tab.json.jinja new file mode 100644 index 000000000..891e944a3 --- /dev/null +++ b/salt/telegraf/node_tab.json.jinja @@ -0,0 +1,6 @@ +{% for tabtype in ['managertab', 'managersearchtab', 'standalonetab', 'sensorstab', 'nodestab', 'evaltab'] %} + {% set node_type_data = salt['pillar.get'](tabtype, False) %} + {% if node_type_data %} + {{ node_type_data | json }} + {% endif %} +{% endfor %} From 62bfaa4e4594c27894457e6beec6e3135d857213 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 16:30:35 -0400 Subject: [PATCH 005/266] send node_config data into telegraf for dashboard queries --- salt/telegraf/etc/telegraf.conf | 7 +++++++ salt/telegraf/init.sls | 2 ++ 2 files changed, 9 insertions(+) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 44e78ecda..fe3ed82a7 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -837,6 +837,13 @@ files = ["/host/nsm/zeek/logs/zeek_restart.log"] data_format = "influx" {% endif %} +{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} +[[inputs.file]] + files = ["/opt/so/conf/telegraf/node_tab.json"] + name_override = "node_config" + data_format = "json" + interval = 5m +{% endif %} # # Count files in a directory 
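Review bot: The new `node_tab` state sets no `user`, `group` or `mode`, so ownership and permissions of `/opt/so/conf/telegraf/node_tab.json` are left to defaults even though the file carries per-node details taken from pillar. Stating them explicitly, matching whatever the `tgrafconf` state uses (its full definition is outside this hunk), and choosing a mode that is not world-readable, e.g. `- mode: 640`, keeps the exposure deliberate, provided the account Telegraf runs as can still read the file.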
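Review bot: The loop in node_tab.json.jinja emits one `{{ node_type_data | json }}` per non-empty tab type with nothing between them, so a grid that has data under more than one of the six pillar keys produces several JSON objects back to back, which is not a single valid JSON document. It also serialises the whole pillar subtree, so anything later stored under those keys is written to disk and forwarded to InfluxDB. Collecting the entries into one mapping and emitting only the fields the dashboards need would address both; the field names in the sketch are the ones init.sls reads from the same pillar data.

```jinja
{%- set nodes = {} %}
{%- for tabtype in ['managertab', 'managersearchtab', 'standalonetab', 'sensorstab', 'nodestab', 'evaltab'] %}
{%-   for name, data in salt['pillar.get'](tabtype, {}).items() %}
{%-     do nodes.update({name: {'manint': data.get('manint'), 'monint': data.get('monint')}}) %}
{%-   endfor %}
{%- endfor %}
{{ nodes | json }}
```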
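Review bot: With `data_format = "json"` in the new `[[inputs.file]]` block, Telegraf's JSON parser keeps only numeric values unless told otherwise, so string values from node_tab.json such as interface names would be dropped from the `node_config` measurement. If those strings are what the dashboards are meant to query, they have to be named, e.g. `json_string_fields = ["<flattened key name>"]` or through `tag_keys`; the flattened key names depend on the pillar layout, which is not visible here. Later commits in this series rework this input, so this may already be handled there.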
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index f057f2dfd..90731c602 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -42,6 +42,7 @@ tgrafconf: - template: jinja - source: salt://telegraf/etc/telegraf.conf +{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} #this file will be read by telegraf to send node details(management interface, monitor interface, etc) # into influx so that grafan can build dashboards using queries node_tab: @@ -49,6 +50,7 @@ node_tab: - name: /opt/so/conf/telegraf/node_tab.json - source: salt://telegraf/node_tab.json.jinja - template: jinja +{% endif %} so-telegraf: docker_container.running: From 87bb3f4a6b7bf8422d9e4a252c5aa97d43fd0bd9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 16:45:10 -0400 Subject: [PATCH 006/266] quote the 5m --- salt/telegraf/etc/telegraf.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index fe3ed82a7..ff1457ba1 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -842,7 +842,7 @@ files = ["/opt/so/conf/telegraf/node_tab.json"] name_override = "node_config" data_format = "json" - interval = 5m + interval = "5m" {% endif %} From e33a6892b36fdf361bb29ca5f63825f879e05ce6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 16:58:15 -0400 Subject: [PATCH 007/266] point to new location --- salt/telegraf/etc/telegraf.conf | 4 ++-- salt/telegraf/init.sls | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index ff1457ba1..99de6effd 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf 
@@ -839,8 +839,8 @@ {% endif %} {% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} [[inputs.file]] - files = ["/opt/so/conf/telegraf/node_tab.json"] - name_override = "node_config" + files = ["/host/opt/so/conf/telegraf/nodes_config.json"] + name_override = "nodes_config" data_format = "json" interval = "5m" {% endif %} diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 90731c602..df75db74c 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -47,8 +47,8 @@ tgrafconf: # into influx so that grafan can build dashboards using queries node_tab: file.managed: - - name: /opt/so/conf/telegraf/node_tab.json - - source: salt://telegraf/node_tab.json.jinja + - name: /opt/so/conf/telegraf/nodes_config.json + - source: salt://telegraf/nodes_config.json.jinja - template: jinja {% endif %} From 03066c4674d8ecfb02c1d3d31b4bf12f3315dcab Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 17:08:29 -0400 Subject: [PATCH 008/266] rename file --- salt/telegraf/{node_tab.json.jinja => nodes_config.json.jinja} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/telegraf/{node_tab.json.jinja => nodes_config.json.jinja} (100%) diff --git a/salt/telegraf/node_tab.json.jinja b/salt/telegraf/nodes_config.json.jinja similarity index 100% rename from salt/telegraf/node_tab.json.jinja rename to salt/telegraf/nodes_config.json.jinja From 35f10518b2d5d16f2d7008d64ba722d7f0f2e776 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 6 Jul 2021 17:12:21 -0400 Subject: [PATCH 009/266] map file into container --- salt/telegraf/etc/telegraf.conf | 2 +- salt/telegraf/init.sls | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 99de6effd..67cbf0af9 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf 
@@ -839,7 +839,7 @@ {% endif %} {% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} [[inputs.file]] - files = ["/host/opt/so/conf/telegraf/nodes_config.json"] + files = ["/etc/telegraf/nodes_config.json"] name_override = "nodes_config" data_format = "json" interval = "5m" diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index df75db74c..7c2091875 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -66,6 +66,9 @@ so-telegraf: - binds: - /opt/so/log/telegraf:/var/log/telegraf:rw - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro +{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} + - /opt/so/conf/telegraf/nodes_config.json:/etc/telegraf/nodes_config.json:ro +{% endif %} - /var/run/utmp:/var/run/utmp:ro - /var/run/docker.sock:/var/run/docker.sock:ro - /:/host/root:ro From 20360d0bb0c9a8bb9c8dabeddbacdfa60bde7122 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 11:18:25 -0400 Subject: [PATCH 010/266] create node_config measurement for nodes to be used for grafana dashboard vars --- salt/telegraf/etc/telegraf.conf | 13 ++++++------- salt/telegraf/init.sls | 13 +++++-------- salt/telegraf/node_config.json.jinja | 7 +++++++ salt/telegraf/nodes_config.json.jinja | 6 ------ 4 files changed, 18 insertions(+), 21 deletions(-) create mode 100644 salt/telegraf/node_config.json.jinja delete mode 100644 salt/telegraf/nodes_config.json.jinja diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 67cbf0af9..86be01e70 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf 
@@ -832,19 +832,18 @@ # ## more about them here: # ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md # data_format = "influx" -{% if salt['pillar.get']('healthcheck:enabled', 'False') %} +{%- if salt['pillar.get']('healthcheck:enabled', 'False') %} [[inputs.file]] files = ["/host/nsm/zeek/logs/zeek_restart.log"] data_format = "influx" -{% endif %} -{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} +{%- endif %} [[inputs.file]] - files = ["/etc/telegraf/nodes_config.json"] - name_override = "nodes_config" + files = ["/etc/telegraf/node_config.json"] + name_override = "node_config" data_format = "json" interval = "5m" -{% endif %} - + json_string_fields = ['manint', 'monint'] + tag_keys = ['role'] # # Count files in a directory # [[inputs.filecount]] diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 7c2091875..615cfc237 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -42,15 +42,13 @@ tgrafconf: - template: jinja - source: salt://telegraf/etc/telegraf.conf -{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} #this file will be read by telegraf to send node details(management interface, monitor interface, etc) # into influx so that grafan can build dashboards using queries -node_tab: +node_config: file.managed: - - name: /opt/so/conf/telegraf/nodes_config.json - - source: salt://telegraf/nodes_config.json.jinja + - name: /opt/so/conf/telegraf/node_config.json + - source: salt://telegraf/node_config.json.jinja - template: jinja -{% endif %} so-telegraf: docker_container.running: 
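Review bot: The guard this hunk touches, `{%- if salt['pillar.get']('healthcheck:enabled', 'False') %}`, uses the string `'False'` as its default, and a non-empty string is truthy in Jinja, so the `zeek_restart.log` input is rendered whenever the pillar key is unset. Pass a real boolean instead: `{%- if salt['pillar.get']('healthcheck:enabled', False) %}`. The rest of telegraf.conf is outside the hunk, so other guards written the same way cannot be checked from here.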
@@ -66,9 +64,7 @@ so-telegraf: - binds: - /opt/so/log/telegraf:/var/log/telegraf:rw - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro -{% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} - - /opt/so/conf/telegraf/nodes_config.json:/etc/telegraf/nodes_config.json:ro -{% endif %} + - /opt/so/conf/telegraf/node_config.json:/etc/telegraf/node_config.json:ro - /var/run/utmp:/var/run/utmp:ro - /var/run/docker.sock:/var/run/docker.sock:ro - /:/host/root:ro @@ -91,6 +87,7 @@ so-telegraf: - watch: - file: tgrafconf - file: tgrafsyncscripts + - file: node_config append_so-telegraf_so-status.conf: file.append: diff --git a/salt/telegraf/node_config.json.jinja b/salt/telegraf/node_config.json.jinja new file mode 100644 index 000000000..6aeef5fb7 --- /dev/null +++ b/salt/telegraf/node_config.json.jinja @@ -0,0 +1,7 @@ +{ + "role": "{{ grains.id.split('_') | last }}", + "manint": "{{ salt['pillar.get']('host:mainint', '') }}", +{%- if grains.role in ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %} + "monint": "{{ salt['pillar.get']('sensor:interface', '') }}" +{% endif -%} +} diff --git a/salt/telegraf/nodes_config.json.jinja b/salt/telegraf/nodes_config.json.jinja deleted file mode 100644 index 891e944a3..000000000 --- a/salt/telegraf/nodes_config.json.jinja +++ /dev/null @@ -1,6 +0,0 @@ -{% for tabtype in ['managertab', 'managersearchtab', 'standalonetab', 'sensorstab', 'nodestab', 'evaltab'] %} - {% set node_type_data = salt['pillar.get'](tabtype, False) %} - {% if node_type_data %} - {{ node_type_data | json }} - {% endif %} -{% endfor %} From 80525ee73688b1e2f4ce414e04493798bdf6ace3 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Thu, 8 Jul 2021 12:29:50 -0400 Subject: [PATCH 011/266] [wip] Add logscan pipeline --- pillar/logstash/search.sls | 1 + salt/elasticsearch/files/ingest/logscan | 21 +++++++++++++++ salt/filebeat/etc/filebeat.yml | 13 +++++++++ .../config/so/9800_output_logscan.conf.jinja | 27 +++++++++++++++++++ 4 files changed, 62 insertions(+) create mode 100644 salt/elasticsearch/files/ingest/logscan create mode 100644 salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja diff --git a/pillar/logstash/search.sls b/pillar/logstash/search.sls index 10fab2ed1..2f287f533 100644 --- a/pillar/logstash/search.sls +++ b/pillar/logstash/search.sls @@ -13,3 +13,4 @@ logstash: - so/9500_output_beats.conf.jinja - so/9600_output_ossec.conf.jinja - so/9700_output_strelka.conf.jinja + - so/9800_ouput_logscan.conf.jinja diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan new file mode 100644 index 000000000..936d316f7 --- /dev/null +++ b/salt/elasticsearch/files/ingest/logscan 
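Review bot: The added pillar entry `- so/9800_ouput_logscan.conf.jinja` is spelled `ouput`, but the file this commit creates is `salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja`. As written the pillar names a pipeline config that does not exist, so the logscan output is presumably never loaded on search nodes, or the state fails, depending on how the list is consumed outside this hunk. It should read `- so/9800_output_logscan.conf.jinja`.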
@@ -0,0 +1,21 @@
+{
+ "description": "logscan",
+ "processors": [
+ { "set": { "target_field": "event.severity", "value": 2 } },
+ { "rename": { "field": "@timestamp", "target_field": "event.ingested", "ignore_missing": true } },
+ { "date": { "field": "timestamp", "target_field": "event.created", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
+ { "date": { "field": "start_time", "target_field": "@timestamp", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
+ { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
+ { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
+ { "rename": { "field": "source_ip", "target_field": "source.ip" } },
+ { "set": { "if": "model == kff", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } },
+ { "set": { "if": "model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } },
+ { "set": { "if": "model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } },
+ { "set": { "if": "model == kl", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } },
+ { "rename": { "field": "num_attempts", "target_field": "logscan.attempts.total.amount", "ignore_missing": true } },
+ { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } },
+ { "script": { "lang": "painless", "source": "logscan.attempts.succeeded.amount = logscan.attempts.total.amount - logscan.attempts.failed.amount" , "ignore_failure": true} },
+ { "rename": { "field": "avg_failure_interval", "target_field": "logscan.attempts.failed.avg_interval", "ignore_missing": true } },
+ { "pipeline": { "name": "common" } }
+ ]
+}
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 2a86b486f..751186119 100644
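Review bot: The four conditional `set` processors use `"if": "model == kff"` / `"model == kl"`, which is not valid Painless: the document is reached through `ctx` and the model name has to be a quoted string, so these conditions would be expected to fail to compile and the brute-force alerts would arrive without `rule.name` or `rule.description`. Three smaller problems sit in the same pipeline. The first processor passes `"target_field": "event.severity"` where `set` takes `"field"`. The four `date` processors spell the option `ignore_failures`, while the `script` processor correctly uses `ignore_failure`. The `script` source reads and writes `logscan.attempts.*` without the `ctx.` prefix. Because an ingest pipeline that fails to load drops detections silently, it is worth validating this file against the simulate API before it ships.

```json
{ "set": { "if": "ctx.model == 'kff'", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } },
{ "set": { "if": "ctx.model == 'kff'", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } },
{ "set": { "if": "ctx.model == 'kl'", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } },
{ "set": { "if": "ctx.model == 'kl'", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } },
```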
--- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -111,6 +111,19 @@ filebeat.inputs: fields: ["source", "prospector", "input", "offset", "beat"] fields_under_root: true +- type: log + paths: + - /opt/so/log/logscan/alerts.log + fields: + module: logscan + dataset: alert + processors: + - drop_fields: + fields: ["source", "prospector", "input", "offset", "beat"] + fields_under_root: true + clean_removed: true + close_removed: false + {%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %} {%- if ZEEKVER != 'SURICATA' %} {%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %} diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja new file mode 100644 index 000000000..6fcf05a70 --- /dev/null +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -0,0 +1,27 @@ +{%- if grains['role'] == 'so-eval' -%} +{%- set ES = salt['pillar.get']('manager:mainip', '') -%} +{%- else %} +{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} +{%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} + +output { + if [module] =~ logscan { + elasticsearch { + id => "logscan_pipeline" + pipeline => "%{module}" + hosts => "{{ ES }}" + {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} + user => "{{ ES_USER }}" + password => "{{ ES_PASS }}" + {% endif %} + index => "so-%{[event][module]}" + template_name => "so-common" + template => "/templates/so-common-template.json" + template_overwrite => true + ssl => true + ssl_certificate_verification => false + } + } +} From 56697fde19055e8593ecc72e038f3fd5468af7b7 Mon Sep 17 00:00:00 2001 
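Review bot: `ssl_certificate_verification => false` in the new elasticsearch output disables server-certificate checking on the same connection that carries `user` and `password`, so the `so_elastic_user` credentials and the alert documents go to whatever host answers at `{{ ES }}`. Prefer keeping verification on and trusting the grid CA, e.g. `ssl_certificate_verification => true` with `cacert => "<path to CA certificate>"`. Separately, `if [module] =~ logscan` uses a bare word where the config grammar expects a string or `/regex/` literal (`== "logscan"` would do). The index is built from `[event][module]`, while the filebeat input added in this commit sets `module` at the root (`fields_under_root: true`), so unless another stage copies the field the index name may not resolve; that is worth confirming.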
From: m0duspwnens Date: Thu, 8 Jul 2021 14:10:22 -0400 Subject: [PATCH 012/266] create common dashboard and define templates/dashbaord vars --- .../dashboards/common_template.json.jinja | 59 +++++ .../standalone/common_standalone.json.jinja | 203 +++++++++--------- salt/grafana/dashboards/template.json | 130 ----------- salt/grafana/defaults.yaml | 5 + salt/grafana/init.sls | 12 +- salt/grafana/templates/cpucount.json | 24 +++ salt/grafana/templates/mainint.json | 24 +++ salt/grafana/templates/monint.json | 24 +++ salt/grafana/templates/role.json | 24 +++ salt/grafana/templates/servername.json | 24 +++ 10 files changed, 291 insertions(+), 238 deletions(-) create mode 100644 salt/grafana/dashboards/common_template.json.jinja delete mode 100644 salt/grafana/dashboards/template.json create mode 100644 salt/grafana/templates/cpucount.json create mode 100644 salt/grafana/templates/mainint.json create mode 100644 salt/grafana/templates/monint.json create mode 100644 salt/grafana/templates/role.json create mode 100644 salt/grafana/templates/servername.json diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja new file mode 100644 index 000000000..ffe2a4740 --- /dev/null +++ b/salt/grafana/dashboards/common_template.json.jinja 
@@ -0,0 +1,59 @@
+{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "MY DASHBOARD DESCRIPTION",
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": 7,
+ "iteration": 1625757047565,
+ "links": [],
+ "panels": [
+{% for panel in PANELS -%}
+{%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %}
+{{ panel | json }} {% if not loop.last %},{% endif %}
+{% endfor -%}
+ ],
+ "schemaVersion": 27,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": [
+{% for template in TEMPLATES -%}
+{%- import_json "grafana/templates/" ~ template ~ ".json" as panel %}
+{{ template | json }} {% if not loop.last %},{% endif %}
+{% endfor -%}
+ ]
+ },
+ "time": {
+ "from": "now-3h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ]
+ },
+ "timezone": "browser",
+ "title": "MY DASHBOARD NAME - Standalone",
+ "uid": "{{ UID }}",
+ "version": 1
+}
diff --git a/salt/grafana/dashboards/standalone/common_standalone.json.jinja b/salt/grafana/dashboards/standalone/common_standalone.json.jinja
index 1d331e801..a4167d6d0 100644
--- a/salt/grafana/dashboards/standalone/common_standalone.json.jinja
+++ b/salt/grafana/dashboards/standalone/common_standalone.json.jinja
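Review bot: In the `templating.list` loop the imported file is bound to `panel` but the loop variable is what gets printed, so `{{ template | json }}` emits each template's name as a JSON string instead of its variable definition. Bind and print a distinct name: `{%- import_json "grafana/templates/" ~ template ~ ".json" as template_def %}` and `{{ template_def | json }}`. The import path is also built from the names in `grafana:dashboards:standalone:templating:list`, where this commit's defaults.yaml hunk lists `manint` while the file it adds is `salt/grafana/templates/mainint.json`, so that import would be expected to fail until one of the two is renamed. The panels loop rebinds its own loop variable with `as panel`; a separate name there would keep the two loops consistent.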
@@ -12,117 +12,131 @@ } ] }, - "description": "This Dashboard provides a general overview of Standalone Mode", + "description": "MY DASHBOARD DESCRIPTION", "editable": true, - "gnetId": 2381, + "gnetId": null, "graphTooltip": 0, - "id": 6, - "iteration": 1625018989654, + "id": 7, + "iteration": 1625757047565, "links": [], - "panels": [ -{% for panel in PANELS -%} - {%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %} -{{ panel | json }} {% if not loop.last %},{% endif %} -{% endfor -%} - - ], - "refresh": "30s", + "panels": [], "schemaVersion": 27, "style": "dark", "tags": [], "templating": { "list": [ { - "auto": true, - "auto_count": 30, - "auto_min": "10s", + "allValue": null, "current": { "selected": false, - "text": "10s", - "value": "10s" + "text": "eth0", + "value": "eth0" }, + "datasource": "InfluxDB", + "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", "description": null, "error": null, "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, + "includeAll": false, + "label": "Management Interface", + "multi": false, + "name": "manint", + 
"options": [], + "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", + "refresh": 1, + "regex": "", "skipUrlSync": false, - "type": "interval" + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Monitor Interface", + "multi": false, + "name": "monint", + "options": [], + "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'standalone'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'standalone'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "", + "value": "" + }, + "datasource": "InfluxDB", + "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", + "description": null, + "error": null, + "hide": 2, + "includeAll": false, + "label": "CPU Count", + "multi": false, + "name": "cpucount", + "options": [], + "query": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + 
"tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false } ] }, "time": { - "from": "now-1h", + "from": "now-3h", "to": "now" }, "timepicker": { "refresh_intervals": [ - "5s", - "10s", "30s", "1m", "5m", @@ -131,21 +145,10 @@ "1h", "2h", "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" ] }, "timezone": "browser", - "title": "Standalone - {{ SERVERNAME }} Overview", + "title": "Standalone Dashboard", "uid": "{{ UID }}", - "version": 17 + "version": 1 } diff --git a/salt/grafana/dashboards/template.json b/salt/grafana/dashboards/template.json deleted file mode 100644 index f1ec5d8ff..000000000 --- a/salt/grafana/dashboards/template.json +++ /dev/null 
@@ -1,130 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "MY DASHBOARD DESCRIPTION", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1625251118337, - "links": [], - "panels": [], - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "selected": false, - "text": "mynode1", - "value": "mynode1" - }, - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "query0", - "options": [ - { - "selected": true, - "text": "mynode1", - "value": "mynode1" - }, - { - "selected": false, - "text": "mynode2", - "value": "mynode2" - }, - { - "selected": false, - "text": "mynode3", - "value": "mynode3" - } - ], - "query": "mynode1,mynode2,mynode3", - "queryValue": "", - "skipUrlSync": false, - "type": "custom" - }, - { - "current": { - "selected": true, - "text": "{{ MANINT }}", - "value": "{{ MANINT }}" - }, - "description": null, - "error": null, - "hide": 0, - "label": "Management Interface", - "name": "manint", - "options": [ - { - "selected": true, - "text": "{{ MANINT }}", - "value": "{{ MANINT }}" - } - ], - "query": "{{ MANINT }}", - "skipUrlSync": false, - "type": "textbox" - }, - { - "current": { - "selected": true, - "text": "{{ MONINT }}", - "value": "{{ MONINT }}" - }, - "description": null, - "error": null, - "hide": 2, - "label": "Monitor Interface", - "name": "monint", - "options": [ - { - "selected": true, - "text": "{{ MONINT }}", - "value": "{{ MONINT }}" - } - ], - "query": "{{ MONINT }}", - "skipUrlSync": false, - "type": "textbox" - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - 
"2h", - "1d" - ] - }, - "timezone": "browser", - "title": "MY DASHBOARD NAME", - "uid": "IQqwsPznk", - "version": 3 - } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index a384e490a..471d43c77 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -26,6 +26,11 @@ grafana: # license_path: /opt/so/conf/grafana/etc/files/license.jwt dashboards: standalone: + templating: + list: + - servername + - manint + - monint panels: cpu_usage_idle: enabled: true diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 655df4bc6..724fa2f91 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -125,15 +125,11 @@ common-standalone-dashboard: - user: 939 - group: 939 - template: jinja - - source: salt://grafana/dashboards/standalone/common_standalone.json.jinja + - source: salt://grafana/dashboards/common_template.json.jinja - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: so_overview - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} + UID: so_overview + PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards.standalone.templates}} {% endfor %} {% endif %} diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json new file mode 100644 index 000000000..202ae7a49 --- /dev/null +++ b/salt/grafana/templates/cpucount.json 
@@ -0,0 +1,24 @@
+{
+ "allValue": null,
+ "current": {},
+ "datasource": "InfluxDB",
+ "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'",
+ "description": null,
+ "error": null,
+ "hide": 2,
+ "includeAll": false,
+ "label": "CPU Count",
+ "multi": false,
+ "name": "cpucount",
+ "options": [],
+ "query": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
diff --git a/salt/grafana/templates/mainint.json b/salt/grafana/templates/mainint.json
new file mode 100644
index 000000000..8c0e65530
--- /dev/null
+++ b/salt/grafana/templates/mainint.json
@@ -0,0 +1,24 @@
+{
+ "allValue": null,
+ "current": {},
+ "datasource": "InfluxDB",
+ "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = '$servername')",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": false,
+ "label": "Management Interface",
+ "multi": false,
+ "name": "manint",
+ "options": [],
+ "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = '$servername')",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json
new file mode 100644
index 000000000..98098467f
--- /dev/null
+++ b/salt/grafana/templates/monint.json
@@ -0,0 +1,24 @@
+{
+ "allValue": null,
+ "current": {},
+ "datasource": "InfluxDB",
+ "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = '$servername')",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": false,
+ "label": "Monitor Interface",
+ "multi": false,
+ "name": "monint",
+ "options": [],
+ "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = '$servername')",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
diff --git a/salt/grafana/templates/role.json b/salt/grafana/templates/role.json
new file mode 100644
index 000000000..f76de3cad
--- /dev/null
+++ b/salt/grafana/templates/role.json
@@ -0,0 +1,24 @@
+{
+ "allValue": null,
+ "current": {},
+ "datasource": "InfluxDB",
+ "definition": "show tag values with key=\"role\"",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": true,
+ "label": "Role",
+ "multi": true,
+ "name": "role",
+ "options": [],
+ "query": "show tag values with key=\"role\"",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+}
diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json
new file mode 100644
index 000000000..58fc08818
--- /dev/null
+++ b/salt/grafana/templates/servername.json
@@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'standalone'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'standalone'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From 54cdfb89f64054b11b9dd34880efa529be6813aa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 14:14:40 -0400 Subject: [PATCH 013/266] remove common_standalone.json.jinja --- .../standalone/common_standalone.json.jinja | 154 ------------------ 1 file changed, 154 deletions(-) delete mode 100644 salt/grafana/dashboards/standalone/common_standalone.json.jinja diff --git a/salt/grafana/dashboards/standalone/common_standalone.json.jinja b/salt/grafana/dashboards/standalone/common_standalone.json.jinja deleted file mode 100644 index a4167d6d0..000000000 --- a/salt/grafana/dashboards/standalone/common_standalone.json.jinja +++ /dev/null 
@@ -1,154 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "MY DASHBOARD DESCRIPTION", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 7, - "iteration": 1625757047565, - "links": [], - "panels": [], - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": { - "selected": false, - "text": "eth0", - "value": "eth0" - }, - "datasource": "InfluxDB", - "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Management Interface", - "multi": false, - "name": "manint", - "options": [], - "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Monitor Interface", - "multi": false, - "name": "monint", - "options": [], - "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = 'jppce2360sa-influx-scripts')", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'standalone'", - "description": "", - "error": null, - "hide": 0, - 
"includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'standalone'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "", - "value": "" - }, - "datasource": "InfluxDB", - "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", - "description": null, - "error": null, - "hide": 2, - "includeAll": false, - "label": "CPU Count", - "multi": false, - "name": "cpucount", - "options": [], - "query": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "browser", - "title": "Standalone Dashboard", - "uid": "{{ UID }}", - "version": 1 -} From 091b5f73b1258bac7ada8fbeb9eda8389ba8bfca Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 14:43:38 -0400 Subject: [PATCH 014/266] update var --- salt/grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 724fa2f91..d481d55bf 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -129,7 +129,7 @@ common-standalone-dashboard: - defaults: UID: so_overview PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards.standalone.templates}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards.standalone.templating.list}} {% endfor %} {% endif %} From 7085796601621614b0d4ca033585a938f79c1e7d Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 8 Jul 2021 16:33:21 -0400 Subject: [PATCH 015/266] replace SERVERNAME with $servername --- .../panels/cpu_docker_combined.json.jinja | 20 ++++---- salt/grafana/panels/cpu_usage_idle.json.jinja | 6 +-- .../grafana/panels/cpu_usage_tasks.json.jinja | 50 +++++++++---------- salt/grafana/panels/disk_io.json.jinja | 10 ++-- salt/grafana/panels/disk_used_nsm.json.jinja | 6 +-- salt/grafana/panels/disk_used_root.json.jinja | 6 +-- .../panels/elasticsearch_cpu_usage.json.jinja | 6 +-- .../elasticsearch_documents_count.json.jinja | 4 +- ...ticsearch_field_data_cache_size.json.jinja | 6 +-- .../elasticsearch_store_size.json.jinja | 6 +-- .../elasticsearch_thread_count.json.jinja | 6 +-- salt/grafana/panels/estimated_eps.json.jinja | 6 +-- .../panels/influxdb_cpu_usage.json.jinja | 6 +-- salt/grafana/panels/influxdb_size.json.jinja | 6 +-- .../panels/influxdb_traffic.json.jinja | 10 ++-- salt/grafana/panels/io_wait.json.jinja | 6 +-- .../panels/kibana_cpu_usage.json.jinja | 6 +-- salt/grafana/panels/load_average.json.jinja | 18 +++---- .../panels/logstash_cpu_usage.json.jinja | 6 +-- .../panels/logstash_traffic.json.jinja | 10 ++-- .../panels/management_traffic.json.jinja | 10 ++-- salt/grafana/panels/memory.json.jinja | 34 ++++++------- salt/grafana/panels/memory_used.json.jinja | 10 ++-- .../grafana/panels/monitor_traffic.json.jinja | 6 +-- .../panels/pcap_packet_loss.json.jinja | 6 +-- salt/grafana/panels/pcap_retention.json.jinja | 6 +-- .../panels/processes_states.json.jinja | 14 +++--- salt/grafana/panels/proxy_traffic.json.jinja | 10 ++-- .../grafana/panels/redis_cpu_usage.json.jinja | 10 ++-- .../panels/redis_memory_usage.json.jinja | 6 +-- salt/grafana/panels/redis_queue.json.jinja | 6 +-- .../panels/stenographer_cpu_usage.json.jinja | 6 +-- .../stenographer_memory_usage.json.jinja | 6 +-- .../panels/suricata_cpu_usage.json.jinja | 6 +-- .../panels/suricata_memory_usage.json.jinja | 6 +-- .../panels/suricata_packet_loss.json.jinja | 6 +-- 
salt/grafana/panels/system_uptime.json.jinja | 4 +- salt/grafana/panels/total_threads.json.jinja | 6 +-- .../panels/zeek_capture_loss.json.jinja | 6 +-- salt/grafana/panels/zeek_cpu_usage.json.jinja | 6 +-- .../panels/zeek_memory_usage.json.jinja | 6 +-- .../panels/zeek_packet_loss.json.jinja | 6 +-- .../zeek_restarts_healthcheck.json.jinja | 2 +- 43 files changed, 192 insertions(+), 192 deletions(-) diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index 4f804d38d..161b4c526 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -19,7 +19,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -63,7 +63,7 @@ ] ], "measurement": "docker_container_cpu", - "query": "SELECT mean(\"usage_percent\") /8 FROM \"docker_container_cpu\" WHERE (\"host\" = 'jppce2360sa-influx-scripts' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /8 FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "hide": false, "alias": "elasticsearch" @@ -78,7 +78,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -134,7 +134,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -190,7 +190,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -246,7 +246,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", 
@@ -302,7 +302,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -358,7 +358,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -414,7 +414,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", @@ -470,7 +470,7 @@ { "key": "host", "operator": "=", - "value": "jppce2360sa-influx-scripts" + "value": "$servername" }, { "condition": "AND", diff --git a/salt/grafana/panels/cpu_usage_idle.json.jinja b/salt/grafana/panels/cpu_usage_idle.json.jinja index e83dee734..e786fe786 100644 --- a/salt/grafana/panels/cpu_usage_idle.json.jinja +++ b/salt/grafana/panels/cpu_usage_idle.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", + "title": "$servername - CPU", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/cpu_usage_tasks.json.jinja b/salt/grafana/panels/cpu_usage_tasks.json.jinja index 014e10ee7..85909264f 100644 --- a/salt/grafana/panels/cpu_usage_tasks.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks.json.jinja 
@@ -77,7 +77,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -99,7 +99,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -129,7 +129,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -151,7 +151,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -181,7 +181,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "C", "resultFormat": "time_series", @@ -203,7 +203,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -233,7 +233,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": true, "refId": "D", "resultFormat": "time_series", @@ -255,7 +255,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -285,7 +285,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": true, "refId": "E", "resultFormat": "time_series", @@ -307,7 +307,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -337,7 +337,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": true, "refId": "F", "resultFormat": "time_series", @@ -359,7 +359,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
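Review bot: The `usage_irq`, `usage_iowait` and `usage_softirq` targets in cpu_usage_tasks.json.jinja (hunks `@@ -233`, `@@ -285` and `@@ -337`) carry `"rawQuery": true`, so the text `"host" = '$servername'` is what Grafana sends to InfluxDB, with the value substituted at view time instead of being fixed by Salt at render time. The definition of the `servername` variable is not in the hunks shown here; it should be a query- or list-backed variable, not a free-text one, because the person viewing the dashboard can set its value and it ends up inside the query string. A multi-value or "All" selection would also not fit an `=` comparison inside single quotes; if that is ever enabled, the condition needs the regex form `"host" =~ /^$servername$/`. The other targets in this file show `"rawQuery": false` and depend on the `tags` entries instead, so their `query` strings are likely stored copies only.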
@@ -390,7 +390,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "G", "resultFormat": "time_series", @@ -412,7 +412,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -443,7 +443,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "H", "resultFormat": "time_series", @@ -465,7 +465,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -496,7 +496,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "I", "resultFormat": "time_series", @@ -518,7 +518,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -549,7 +549,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "J", "resultFormat": "time_series", @@ -571,7 +571,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -602,7 +602,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "K", "resultFormat": "time_series", @@ -624,7 +624,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -655,7 +655,7 @@ "measurement": "cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "L", "resultFormat": "time_series", @@ -677,7 +677,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -690,7 +690,7 @@ ], "thresholds": [], "timeRegions": [], - "title": "{{ SERVERNAME }} - CPU Usage", + "title": "$servername - CPU Usage", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/disk_io.json.jinja b/salt/grafana/panels/disk_io.json.jinja index dde4a55a4..9aedaceb9 100644 --- a/salt/grafana/panels/disk_io.json.jinja +++ b/salt/grafana/panels/disk_io.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -149,7 +149,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -198,7 +198,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -247,7 +247,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -256,7 +256,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", + "title": "$servername - Disk I/O", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/disk_used_nsm.json.jinja b/salt/grafana/panels/disk_used_nsm.json.jinja index cce953ecb..495ad69ff 100644 --- a/salt/grafana/panels/disk_used_nsm.json.jinja +++ b/salt/grafana/panels/disk_used_nsm.json.jinja @@ -90,7 +90,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -140,7 +140,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -155,7 +155,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", + "title": "$servername - Disk Used(/nsm)", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/disk_used_root.json.jinja b/salt/grafana/panels/disk_used_root.json.jinja index c4c76ada3..0743382f2 100644 --- a/salt/grafana/panels/disk_used_root.json.jinja 
+++ b/salt/grafana/panels/disk_used_root.json.jinja @@ -90,7 +90,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -140,7 +140,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -155,7 +155,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", + "title": "$servername - Disk Used(/)", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja index a8a9230f4..081ab68f0 100644 --- a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja +++ b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", + "title": "$servername - ES CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/elasticsearch_documents_count.json.jinja b/salt/grafana/panels/elasticsearch_documents_count.json.jinja index 91c33396d..d34af37b7 100644 --- a/salt/grafana/panels/elasticsearch_documents_count.json.jinja +++ b/salt/grafana/panels/elasticsearch_documents_count.json.jinja @@ -103,13 +103,13 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } ], "thresholds": "", - "title": "{{ SERVERNAME }} - ES Documents", + "title": "$servername - ES Documents", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ 
diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja index 39ac53c91..a9b6b9473 100644 --- a/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -136,7 +136,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -145,7 +145,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", + "title": "$servername - ES Fielddata Cache Size", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/elasticsearch_store_size.json.jinja b/salt/grafana/panels/elasticsearch_store_size.json.jinja index fc9d8c435..b98e1bb18 100644 --- a/salt/grafana/panels/elasticsearch_store_size.json.jinja +++ b/salt/grafana/panels/elasticsearch_store_size.json.jinja @@ -95,7 +95,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -140,7 +140,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -149,7 +149,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", + "title": "$servername - ES Store Size", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/elasticsearch_thread_count.json.jinja b/salt/grafana/panels/elasticsearch_thread_count.json.jinja index cae6a4450..c825c83d0 100644 --- a/salt/grafana/panels/elasticsearch_thread_count.json.jinja +++ b/salt/grafana/panels/elasticsearch_thread_count.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -136,7 +136,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -145,7 +145,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", + "title": "$servername - ES Thread Count", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/estimated_eps.json.jinja b/salt/grafana/panels/estimated_eps.json.jinja index 7680f471d..9c0310f20 100644 --- a/salt/grafana/panels/estimated_eps.json.jinja +++ b/salt/grafana/panels/estimated_eps.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -137,7 +137,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -146,7 +146,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", + "title": "$servername - Estimated EPS", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/influxdb_cpu_usage.json.jinja index 5c7adff02..082e7c33b 100644 --- a/salt/grafana/panels/influxdb_cpu_usage.json.jinja +++ b/salt/grafana/panels/influxdb_cpu_usage.json.jinja @@ -98,7 +98,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -154,7 +154,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -169,7 +169,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", + "title": "$servername - InfluxDB CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/influxdb_size.json.jinja b/salt/grafana/panels/influxdb_size.json.jinja index 6a749245c..dbf7ebc5c 100644 --- a/salt/grafana/panels/influxdb_size.json.jinja +++ b/salt/grafana/panels/influxdb_size.json.jinja 
@@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -136,7 +136,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -145,7 +145,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", + "title": "$servername - InfluxDB Size", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/influxdb_traffic.json.jinja b/salt/grafana/panels/influxdb_traffic.json.jinja index 50002a2a0..758cb0692 100644 --- a/salt/grafana/panels/influxdb_traffic.json.jinja +++ b/salt/grafana/panels/influxdb_traffic.json.jinja @@ -106,7 +106,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -167,7 +167,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -229,7 +229,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -291,7 +291,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -306,7 +306,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", + "title": "$servername - InfluxDB Traffic", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/io_wait.json.jinja b/salt/grafana/panels/io_wait.json.jinja index 1c73443a4..e06013bd7 100644 --- a/salt/grafana/panels/io_wait.json.jinja +++ b/salt/grafana/panels/io_wait.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -136,7 +136,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } 
@@ -145,7 +145,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", + "title": "$servername - IO Wait", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/kibana_cpu_usage.json.jinja index 767a0c012..a468cfaea 100644 --- a/salt/grafana/panels/kibana_cpu_usage.json.jinja +++ b/salt/grafana/panels/kibana_cpu_usage.json.jinja @@ -104,7 +104,7 @@ "condition": "AND", "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -160,7 +160,7 @@ "condition": "AND", "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -169,7 +169,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", + "title": "$servername - Kibana CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/load_average.json.jinja b/salt/grafana/panels/load_average.json.jinja index db2c6f5c9..203cce76e 100644 --- a/salt/grafana/panels/load_average.json.jinja +++ b/salt/grafana/panels/load_average.json.jinja @@ -106,7 +106,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -150,7 +150,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -194,7 +194,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -238,7 +238,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -282,7 +282,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -327,7 +327,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -372,7 +372,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -417,7 +417,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -426,7 +426,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", + "title": "$servername - Load Average", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/logstash_cpu_usage.json.jinja index e0cb24f78..52fc9e0d5 100644 --- a/salt/grafana/panels/logstash_cpu_usage.json.jinja +++ b/salt/grafana/panels/logstash_cpu_usage.json.jinja @@ -98,7 +98,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -154,7 +154,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -169,7 +169,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", + "title": "$servername - Logstash CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/logstash_traffic.json.jinja b/salt/grafana/panels/logstash_traffic.json.jinja index 61c2900ea..e03009aa1 100644 --- a/salt/grafana/panels/logstash_traffic.json.jinja +++ b/salt/grafana/panels/logstash_traffic.json.jinja @@ -105,7 +105,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -166,7 +166,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -228,7 +228,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -290,7 +290,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -305,7 +305,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", + "title": "$servername - Logstash Traffic", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/management_traffic.json.jinja b/salt/grafana/panels/management_traffic.json.jinja index 4cc23903b..c5fda1869 100644 --- a/salt/grafana/panels/management_traffic.json.jinja +++ b/salt/grafana/panels/management_traffic.json.jinja @@ -116,7 +116,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -180,7 +180,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -245,7 +245,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -310,7 +310,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -325,7 +325,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", + "title": "$servername - Management Traffic", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/memory.json.jinja b/salt/grafana/panels/memory.json.jinja index 1daf4aba5..1a8d4d22a 100644 --- a/salt/grafana/panels/memory.json.jinja +++ b/salt/grafana/panels/memory.json.jinja @@ -76,7 +76,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -98,7 +98,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -122,7 +122,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -144,7 +144,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -168,7 +168,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "C", "resultFormat": "time_series", @@ -190,7 +190,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -214,7 +214,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "D", "resultFormat": "time_series", @@ -236,7 +236,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -261,7 +261,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "E", "resultFormat": "time_series", @@ -283,7 +283,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -308,7 +308,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "F", "resultFormat": "time_series", @@ -330,7 +330,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -355,7 +355,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "G", "resultFormat": "time_series", @@ -377,7 +377,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -402,7 +402,7 @@ "measurement": "mem", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "H", "resultFormat": "time_series", @@ -424,14 +424,14 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } ], "thresholds": [], "timeRegions": [], - "title": "{{ SERVERNAME }} - Memory", + "title": "$servername - Memory", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/memory_used.json.jinja b/salt/grafana/panels/memory_used.json.jinja index 5d8902db8..04ff62c20 100644 --- a/salt/grafana/panels/memory_used.json.jinja +++ b/salt/grafana/panels/memory_used.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -135,7 +135,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -179,7 +179,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -223,7 +223,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -232,7 +232,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", + "title": "$servername - Memory(Used)", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/monitor_traffic.json.jinja b/salt/grafana/panels/monitor_traffic.json.jinja index c28615bf0..ad3bca4b3 100644 --- a/salt/grafana/panels/monitor_traffic.json.jinja +++ b/salt/grafana/panels/monitor_traffic.json.jinja @@ -116,7 +116,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -181,7 +181,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -196,7 +196,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", + "title": "$servername - Monitor Traffic", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/pcap_packet_loss.json.jinja b/salt/grafana/panels/pcap_packet_loss.json.jinja index 58ae81220..0e87fff60 100644 --- a/salt/grafana/panels/pcap_packet_loss.json.jinja +++ b/salt/grafana/panels/pcap_packet_loss.json.jinja @@ -95,7 +95,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -140,7 +140,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -149,7 +149,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", + "title": "$servername - PCAP Packet Loss", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/pcap_retention.json.jinja b/salt/grafana/panels/pcap_retention.json.jinja index 7800f99df..3426fe245 100644 --- a/salt/grafana/panels/pcap_retention.json.jinja +++ b/salt/grafana/panels/pcap_retention.json.jinja @@ -95,7 +95,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -140,7 +140,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -149,7 +149,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", + "title": "$servername - PCAP Retention", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/processes_states.json.jinja b/salt/grafana/panels/processes_states.json.jinja index 274d86d89..a8aa1970a 100644 --- a/salt/grafana/panels/processes_states.json.jinja +++ b/salt/grafana/panels/processes_states.json.jinja 
@@ -93,7 +93,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -137,7 +137,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -181,7 +181,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -226,7 +226,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -271,7 +271,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -316,14 +316,14 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } ], "thresholds": [], "timeRegions": [], - "title": "{{ SERVERNAME }} - Processes", + "title": "$servername - Processes", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/proxy_traffic.json.jinja b/salt/grafana/panels/proxy_traffic.json.jinja index a962d4d02..6812b9c57 100644 --- a/salt/grafana/panels/proxy_traffic.json.jinja +++ b/salt/grafana/panels/proxy_traffic.json.jinja @@ -105,7 +105,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -166,7 +166,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -228,7 +228,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -290,7 +290,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -305,7 +305,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", + "title": "$servername - Proxy Traffic", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/redis_cpu_usage.json.jinja index 779251d4d..03f396774 100644 
--- a/salt/grafana/panels/redis_cpu_usage.json.jinja +++ b/salt/grafana/panels/redis_cpu_usage.json.jinja @@ -72,7 +72,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -100,7 +100,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -130,7 +130,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", + "title": "$servername - Redis CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/redis_memory_usage.json.jinja b/salt/grafana/panels/redis_memory_usage.json.jinja index c7ec96754..4234414bc 100644 --- a/salt/grafana/panels/redis_memory_usage.json.jinja 
+++ b/salt/grafana/panels/redis_memory_usage.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -142,7 +142,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -157,7 +157,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", + "title": "$servername - Redis Memory Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/redis_queue.json.jinja b/salt/grafana/panels/redis_queue.json.jinja index 723fdf887..4a9b41e85 100644 --- a/salt/grafana/panels/redis_queue.json.jinja +++ b/salt/grafana/panels/redis_queue.json.jinja @@ -93,7 +93,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -137,7 +137,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -146,7 +146,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", + "title": "$servername - Redis Queue", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/stenographer_cpu_usage.json.jinja index ba718b48e..9c745f5da 100644 --- a/salt/grafana/panels/stenographer_cpu_usage.json.jinja +++ b/salt/grafana/panels/stenographer_cpu_usage.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -149,7 +149,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -162,7 +162,7 @@ ], "thresholds": [], "timeRegions": [], - "title": "{{ SERVERNAME }} - Steno CPU Usage", + "title": "$servername - Steno CPU Usage", "tooltip": { "shared": true, "sort": 0, 
diff --git a/salt/grafana/panels/stenographer_memory_usage.json.jinja b/salt/grafana/panels/stenographer_memory_usage.json.jinja index 195fc06e7..09e5385b0 100644 --- a/salt/grafana/panels/stenographer_memory_usage.json.jinja +++ b/salt/grafana/panels/stenographer_memory_usage.json.jinja @@ -86,7 +86,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -137,7 +137,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -150,7 +150,7 @@ ], "thresholds": [], "timeRegions": [], - "title": "{{ SERVERNAME }} - Steno Memory Usage", + "title": "$servername - Steno Memory Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/suricata_cpu_usage.json.jinja index ed6fb881e..b68ca817a 100644 --- a/salt/grafana/panels/suricata_cpu_usage.json.jinja +++ b/salt/grafana/panels/suricata_cpu_usage.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", + "title": "$servername - Suri CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/suricata_memory_usage.json.jinja b/salt/grafana/panels/suricata_memory_usage.json.jinja index 90d2bf038..1a692ec5d 100644 --- a/salt/grafana/panels/suricata_memory_usage.json.jinja +++ b/salt/grafana/panels/suricata_memory_usage.json.jinja @@ -95,7 +95,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", 
@@ -146,7 +146,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -161,7 +161,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", + "title": "$servername - Suri Memory Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/suricata_packet_loss.json.jinja b/salt/grafana/panels/suricata_packet_loss.json.jinja index d8391424b..a854f1a34 100644 --- a/salt/grafana/panels/suricata_packet_loss.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -152,7 +152,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -161,7 +161,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", + "title": "$servername - Suricata Packet Loss", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja index 971768aa6..318192edb 100644 --- a/salt/grafana/panels/system_uptime.json.jinja +++ b/salt/grafana/panels/system_uptime.json.jinja @@ -79,13 +79,13 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } ], "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", + "title": "$servername - System Uptime", "type": "stat" } diff --git a/salt/grafana/panels/total_threads.json.jinja b/salt/grafana/panels/total_threads.json.jinja index f06fa4de5..dd8ebb231 100644 --- a/salt/grafana/panels/total_threads.json.jinja +++ b/salt/grafana/panels/total_threads.json.jinja @@ -98,7 +98,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, 
@@ -143,7 +143,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -152,7 +152,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", + "title": "$servername - Total Threads", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/zeek_capture_loss.json.jinja b/salt/grafana/panels/zeek_capture_loss.json.jinja index 2840163bf..c75a8e5d9 100644 --- a/salt/grafana/panels/zeek_capture_loss.json.jinja +++ b/salt/grafana/panels/zeek_capture_loss.json.jinja @@ -92,7 +92,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -136,7 +136,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -145,7 +145,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", + "title": "$servername - Zeek Capture Loss", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/zeek_cpu_usage.json.jinja index 29fe89244..1d5e9905f 100644 --- a/salt/grafana/panels/zeek_cpu_usage.json.jinja +++ b/salt/grafana/panels/zeek_cpu_usage.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -158,7 +158,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -173,7 +173,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", + "title": "$servername - Zeek CPU Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/zeek_memory_usage.json.jinja b/salt/grafana/panels/zeek_memory_usage.json.jinja index 6e890f7b1..502038d26 100644 --- a/salt/grafana/panels/zeek_memory_usage.json.jinja 
+++ b/salt/grafana/panels/zeek_memory_usage.json.jinja @@ -95,7 +95,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -146,7 +146,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" }, { "condition": "AND", @@ -161,7 +161,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", + "title": "$servername - Zeek Memory Usage", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/zeek_packet_loss.json.jinja b/salt/grafana/panels/zeek_packet_loss.json.jinja index a91872f8f..ac07f5eb2 100644 --- a/salt/grafana/panels/zeek_packet_loss.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss.json.jinja @@ -101,7 +101,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] }, @@ -152,7 +152,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } @@ -161,7 +161,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", + "title": "$servername - Zeek Packet Loss", "tooltip": { "shared": true, "sort": 0, diff --git a/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja b/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja index 881827b11..f609292e6 100644 --- a/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja +++ b/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja @@ -81,7 +81,7 @@ { "key": "host", "operator": "=", - "value": "{{ SERVERNAME }}" + "value": "$servername" } ] } From 7c80483f6eb17b74a758afa20aa993c6c7d293c5 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 8 Jul 2021 16:39:14 -0400 Subject: [PATCH 016/266] change CPUS to $cpucount --- .../panels/cpu_docker_combined.json.jinja | 20 +++++++++---------- .../panels/elasticsearch_cpu_usage.json.jinja | 4 ++-- .../panels/influxdb_cpu_usage.json.jinja | 4 ++-- .../panels/kibana_cpu_usage.json.jinja | 4 ++-- .../panels/logstash_cpu_usage.json.jinja | 4 ++-- .../grafana/panels/redis_cpu_usage.json.jinja | 8 ++++---- .../panels/stenographer_cpu_usage.json.jinja | 4 ++-- .../panels/suricata_cpu_usage.json.jinja | 4 ++-- salt/grafana/panels/zeek_cpu_usage.json.jinja | 4 ++-- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index 161b4c526..7fe3ed685 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -57,13 +57,13 @@ { "type": "math", "params": [ - " /8" + " /$cpucount" ] } ] ], "measurement": "docker_container_cpu", - "query": "SELECT mean(\"usage_percent\") /8 FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "hide": false, "alias": "elasticsearch" @@ -116,7 +116,7 @@ { "type": "math", "params": [ - " /8" + " /$cpucount" ] } ] @@ -172,7 +172,7 @@ { "type": "math", "params": [ - " /8" + " /$cpucount" ] } ] @@ -228,7 +228,7 @@ { "type": "math", "params": [ - " /8" + " /$cpucount" ] } ] @@ -284,7 +284,7 @@ { "type": "math", "params": [ - "/8" + "/$cpucount" ] } ] @@ -340,7 +340,7 @@ { "type": "math", "params": [ - "/8" + "/$cpucount" ] } ] @@ -396,7 +396,7 @@ { "type": "math", "params": [ - "/8" + "/$cpucount" ] } ] 
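Review bot: `$cpucount` is substituted unquoted into the `math` params and into the `query` string (`/$cpucount`), so a value that is empty, zero or not a number means the CPU panels touched here no longer produce a valid percentage, where the previous `/8` and `{{ CPUS }}` were fixed when the file was written or rendered. The variable's definition is not part of these hunks; I would expect it to be a hidden constant or a query that returns a single integer, and would note that next to the division, e.g. `{# $cpucount must resolve to a positive integer #}`. In cpu_docker_combined the params are also written two ways, `" /$cpucount"` and `"/$cpucount"`; one form throughout would be easier to search for.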
@@ -452,7 +452,7 @@ { "type": "math", "params": [ - "/8" + "/$cpucount" ] } ] @@ -508,7 +508,7 @@ { "type": "math", "params": [ - "/8" + "/$cpucount" ] } ] diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja index 081ab68f0..c607fc655 100644 --- a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja +++ b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/influxdb_cpu_usage.json.jinja index 082e7c33b..2fd644446 100644 --- a/salt/grafana/panels/influxdb_cpu_usage.json.jinja +++ b/salt/grafana/panels/influxdb_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/kibana_cpu_usage.json.jinja index a468cfaea..59e9c80b2 100644 --- a/salt/grafana/panels/kibana_cpu_usage.json.jinja +++ b/salt/grafana/panels/kibana_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/logstash_cpu_usage.json.jinja index 52fc9e0d5..1fc128802 100644 --- a/salt/grafana/panels/logstash_cpu_usage.json.jinja +++ b/salt/grafana/panels/logstash_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } 
diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/redis_cpu_usage.json.jinja index 03f396774..0004c39ab 100644 --- a/salt/grafana/panels/redis_cpu_usage.json.jinja +++ b/salt/grafana/panels/redis_cpu_usage.json.jinja @@ -72,7 +72,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -90,7 +90,7 @@ }, { "params": [ - "/{{ CPUS }}" + "/$cpucount" ], "type": "math" } @@ -130,7 +130,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -148,7 +148,7 @@ }, { "params": [ - "/{{ CPUS }}" + "/$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/stenographer_cpu_usage.json.jinja index 9c745f5da..94a6cf983 100644 --- a/salt/grafana/panels/stenographer_cpu_usage.json.jinja +++ b/salt/grafana/panels/stenographer_cpu_usage.json.jinja @@ -82,7 +82,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } 
@@ -139,7 +139,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/suricata_cpu_usage.json.jinja index b68ca817a..adb2ef9fc 100644 --- a/salt/grafana/panels/suricata_cpu_usage.json.jinja +++ b/salt/grafana/panels/suricata_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/zeek_cpu_usage.json.jinja index 1d5e9905f..0a63548da 100644 --- a/salt/grafana/panels/zeek_cpu_usage.json.jinja +++ b/salt/grafana/panels/zeek_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /{{ CPUS }}" + " /$cpucount" ], "type": "math" } From 45f0b4c85f2b7c29ccc9037b9f8484a101759066 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 16:43:53 -0400 Subject: [PATCH 017/266] manint and monint --- .../grafana/panels/management_traffic.json.jinja | 16 ++++++++-------- salt/grafana/panels/monitor_traffic.json.jinja | 8 ++++---- .../templates/{mainint.json => manint.json} | 0 3 files changed, 12 insertions(+), 12 deletions(-) rename salt/grafana/templates/{mainint.json => manint.json} (100%) diff --git a/salt/grafana/panels/management_traffic.json.jinja b/salt/grafana/panels/management_traffic.json.jinja index c5fda1869..147ddf1ec 100644 --- a/salt/grafana/panels/management_traffic.json.jinja +++ b/salt/grafana/panels/management_traffic.json.jinja 
@@ -82,7 +82,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -122,7 +122,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "$manint" } ] }, @@ -146,7 +146,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -186,7 +186,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "$manint" } ] }, @@ -211,7 +211,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "C", "resultFormat": "time_series", 
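Review bot: The new `query` strings still filter on the literal host `'JumpHost'` while the `interface` comparison now uses `'$manint'`, so the raw query text names a fixed host that the dashboard variables do not control. With `"rawQuery": false` the string is presumably not what Grafana runs, but anyone switching the target to raw mode would get traffic for the wrong host; `\"host\" = '$servername'` in place of `\"host\" = 'JumpHost'` would keep it in line with the other panels. The same applies to the targets at @@ -146, @@ -211 and @@ -276 in management_traffic and at @@ -82 and @@ -147 in monitor_traffic. These strings also group by `time($interval)` where the other panels use `time($__interval)`.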
@@ -251,7 +251,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "$manint" } ] }, @@ -276,7 +276,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "D", "resultFormat": "time_series", @@ -316,7 +316,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "$manint" } ] } diff --git a/salt/grafana/panels/monitor_traffic.json.jinja b/salt/grafana/panels/monitor_traffic.json.jinja index ad3bca4b3..95adf6f75 100644 --- a/salt/grafana/panels/monitor_traffic.json.jinja +++ b/salt/grafana/panels/monitor_traffic.json.jinja @@ -82,7 +82,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MONINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$monint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -122,7 +122,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MONINT }}" + "value": "$monint" } ] }, 
@@ -147,7 +147,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MONINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$monint' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -187,7 +187,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MONINT }}" + "value": "$monint" } ] } diff --git a/salt/grafana/templates/mainint.json b/salt/grafana/templates/manint.json similarity index 100% rename from salt/grafana/templates/mainint.json rename to salt/grafana/templates/manint.json From f4fae89b8e3f2579c748eaebd98e3f2dd720e3f4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 16:50:25 -0400 Subject: [PATCH 018/266] fix copy paste error --- salt/grafana/dashboards/common_template.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index ffe2a4740..2f77372dc 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -31,7 +31,7 @@ "templating": { "list": [ {% for template in TEMPLATES -%} -{%- import_json "grafana/templates/" ~ template ~ ".json" as panel %} +{%- import_json "grafana/templates/" ~ template ~ ".json" as template %} {{ template | json }} {% if not loop.last %},{% endif %} {% endfor -%} ] From b265c7dcb78739587acd12e6c927d1d181ea99c7 Mon Sep 17 00:00:00 2001 
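Review bot: In common_template.json.jinja the import alias `template` is the same name as the loop variable in `{% for template in TEMPLATES -%}`, so inside the loop body the name first means the file stem and then the imported JSON. This presumably renders as intended, but a distinct alias is easier to read and cannot be confused with the loop variable: `{%- import_json "grafana/templates/" ~ template ~ ".json" as template_json %}` with `{{ template_json | json }}`. The file name is also built from `template` by concatenation, so `TEMPLATES` should only ever come from trusted pillar or state data; its source is not shown in this hunk.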
From: m0duspwnens Date: Thu, 8 Jul 2021 17:00:17 -0400 Subject: [PATCH 019/266] single quote cpucount --- .../panels/cpu_docker_combined.json.jinja | 20 +++++++++---------- .../panels/elasticsearch_cpu_usage.json.jinja | 4 ++-- .../panels/influxdb_cpu_usage.json.jinja | 4 ++-- .../panels/kibana_cpu_usage.json.jinja | 4 ++-- .../panels/logstash_cpu_usage.json.jinja | 4 ++-- .../grafana/panels/redis_cpu_usage.json.jinja | 8 ++++---- .../panels/stenographer_cpu_usage.json.jinja | 4 ++-- .../panels/suricata_cpu_usage.json.jinja | 4 ++-- salt/grafana/panels/zeek_cpu_usage.json.jinja | 4 ++-- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index 7fe3ed685..0d151e44c 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -57,13 +57,13 @@ { "type": "math", "params": [ - " /$cpucount" + " /'$cpucount'" ] } ] ], "measurement": "docker_container_cpu", - "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "hide": false, "alias": "elasticsearch" @@ -116,7 +116,7 @@ { "type": "math", "params": [ - " /$cpucount" + " /'$cpucount'" ] } ] @@ -172,7 +172,7 @@ { "type": "math", "params": [ - " /$cpucount" + " /'$cpucount'" ] } ] @@ -228,7 +228,7 @@ { "type": "math", "params": [ - " /$cpucount" + " /'$cpucount'" ] } ] @@ -284,7 +284,7 @@ { "type": "math", "params": [ - "/$cpucount" + "/'$cpucount'" ] } ] @@ -340,7 +340,7 @@ { "type": "math", "params": [ - "/$cpucount" + "/'$cpucount'" ] } ] 
@@ -396,7 +396,7 @@ { "type": "math", "params": [ - "/$cpucount" + "/'$cpucount'" ] } ] @@ -452,7 +452,7 @@ { "type": "math", "params": [ - "/$cpucount" + "/'$cpucount'" ] } ] @@ -508,7 +508,7 @@ { "type": "math", "params": [ - "/$cpucount" + "/'$cpucount'" ] } ] diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja index c607fc655..350f41321 100644 --- a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja +++ b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/influxdb_cpu_usage.json.jinja index 2fd644446..51a652506 100644 --- a/salt/grafana/panels/influxdb_cpu_usage.json.jinja +++ b/salt/grafana/panels/influxdb_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/kibana_cpu_usage.json.jinja index 59e9c80b2..d6d17e74e 100644 --- a/salt/grafana/panels/kibana_cpu_usage.json.jinja +++ b/salt/grafana/panels/kibana_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/logstash_cpu_usage.json.jinja index 1fc128802..392572a9b 100644 --- a/salt/grafana/panels/logstash_cpu_usage.json.jinja +++ b/salt/grafana/panels/logstash_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } 
@@ -144,7 +144,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/redis_cpu_usage.json.jinja index 0004c39ab..92b225e86 100644 --- a/salt/grafana/panels/redis_cpu_usage.json.jinja +++ b/salt/grafana/panels/redis_cpu_usage.json.jinja @@ -72,7 +72,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -90,7 +90,7 @@ }, { "params": [ - "/$cpucount" + "/'$cpucount'" ], "type": "math" } @@ -130,7 +130,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /$cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -148,7 +148,7 @@ }, { "params": [ - "/$cpucount" + "/'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/stenographer_cpu_usage.json.jinja index 94a6cf983..3715f1482 100644 --- a/salt/grafana/panels/stenographer_cpu_usage.json.jinja +++ b/salt/grafana/panels/stenographer_cpu_usage.json.jinja 
@@ -82,7 +82,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -139,7 +139,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/suricata_cpu_usage.json.jinja index adb2ef9fc..f2e5488af 100644 --- a/salt/grafana/panels/suricata_cpu_usage.json.jinja +++ b/salt/grafana/panels/suricata_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/zeek_cpu_usage.json.jinja index 0a63548da..5215d038d 100644 --- a/salt/grafana/panels/zeek_cpu_usage.json.jinja +++ b/salt/grafana/panels/zeek_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /$cpucount" + " /'$cpucount'" ], "type": "math" } From 4e47d3f458b8151e94c4fcacaca645bb8cab26bb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:04:41 -0400 Subject: [PATCH 020/266] remove single quotes --- .../panels/cpu_docker_combined.json.jinja | 20 +++++++++---------- .../panels/elasticsearch_cpu_usage.json.jinja | 4 ++-- .../panels/influxdb_cpu_usage.json.jinja | 4 ++-- .../panels/kibana_cpu_usage.json.jinja | 4 ++-- .../panels/logstash_cpu_usage.json.jinja | 4 ++-- .../grafana/panels/redis_cpu_usage.json.jinja | 8 ++++---- .../panels/stenographer_cpu_usage.json.jinja | 4 ++-- .../panels/suricata_cpu_usage.json.jinja | 4 ++-- salt/grafana/panels/zeek_cpu_usage.json.jinja | 4 ++-- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index 0d151e44c..e066f56b1 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja 
+++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -57,13 +57,13 @@ { "type": "math", "params": [ - " /'$cpucount'" + " / $cpucount " ] } ] ], "measurement": "docker_container_cpu", - "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "hide": false, "alias": "elasticsearch" @@ -116,7 +116,7 @@ { "type": "math", "params": [ - " /'$cpucount'" + " / $cpucount " ] } ] @@ -172,7 +172,7 @@ { "type": "math", "params": [ - " /'$cpucount'" + " / $cpucount " ] } ] @@ -228,7 +228,7 @@ { "type": "math", "params": [ - " /'$cpucount'" + " / $cpucount " ] } ] @@ -284,7 +284,7 @@ { "type": "math", "params": [ - "/'$cpucount'" + "/ $cpucount " ] } ] @@ -340,7 +340,7 @@ { "type": "math", "params": [ - "/'$cpucount'" + "/ $cpucount " ] } ] @@ -396,7 +396,7 @@ { "type": "math", "params": [ - "/'$cpucount'" + "/ $cpucount " ] } ] @@ -452,7 +452,7 @@ { "type": "math", "params": [ - "/'$cpucount'" + "/ $cpucount " ] } ] @@ -508,7 +508,7 @@ { "type": "math", "params": [ - "/'$cpucount'" + "/ $cpucount " ] } ] diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja index 350f41321..50554961b 100644 --- a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja +++ b/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } 
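Review bot: The `math` params in these hunks paste `$cpucount` into the InfluxQL as raw text (`" / $cpucount "`), so every target is only valid while the variable resolves to exactly one number. Grafana appears to substitute the value as-is outside regex contexts, so an empty result for a host with no `n_cpus` point, or any value that did not come from the template query, becomes part of the query text. It is worth stating in the commit message or in a Jinja `{# ... #}` comment at the top of the panel that `cpucount` must stay single-valued and numeric, and keeping the InfluxDB datasource account read-only. The spacing also differs between targets (`" / $cpucount "` versus `"/ $cpucount "`), and in `redis_cpu_usage.json.jinja` the stored `"query"` string is edited although `"rawQuery"` is false there. The same applies to the other panel files changed in this commit.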
diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/influxdb_cpu_usage.json.jinja index 51a652506..dcba7d62d 100644 --- a/salt/grafana/panels/influxdb_cpu_usage.json.jinja +++ b/salt/grafana/panels/influxdb_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/kibana_cpu_usage.json.jinja index d6d17e74e..645530d23 100644 --- a/salt/grafana/panels/kibana_cpu_usage.json.jinja +++ b/salt/grafana/panels/kibana_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/logstash_cpu_usage.json.jinja index 392572a9b..8fa3f528b 100644 --- a/salt/grafana/panels/logstash_cpu_usage.json.jinja +++ b/salt/grafana/panels/logstash_cpu_usage.json.jinja @@ -88,7 +88,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -144,7 +144,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/redis_cpu_usage.json.jinja index 92b225e86..41035f438 100644 --- a/salt/grafana/panels/redis_cpu_usage.json.jinja +++ b/salt/grafana/panels/redis_cpu_usage.json.jinja 
@@ -72,7 +72,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -90,7 +90,7 @@ }, { "params": [ - "/'$cpucount'" + "/ $cpucount " ], "type": "math" } @@ -130,7 +130,7 @@ "measurement": "docker_container_cpu", "orderByTime": "ASC", "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /'$cpucount' FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -148,7 +148,7 @@ }, { "params": [ - "/'$cpucount'" + "/ $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/stenographer_cpu_usage.json.jinja index 3715f1482..8dd10599f 100644 --- a/salt/grafana/panels/stenographer_cpu_usage.json.jinja +++ b/salt/grafana/panels/stenographer_cpu_usage.json.jinja @@ -82,7 +82,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -139,7 +139,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/suricata_cpu_usage.json.jinja index f2e5488af..2021c57e7 100644 
--- a/salt/grafana/panels/suricata_cpu_usage.json.jinja +++ b/salt/grafana/panels/suricata_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/zeek_cpu_usage.json.jinja index 5215d038d..e7dfede68 100644 --- a/salt/grafana/panels/zeek_cpu_usage.json.jinja +++ b/salt/grafana/panels/zeek_cpu_usage.json.jinja @@ -91,7 +91,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } @@ -148,7 +148,7 @@ }, { "params": [ - " /'$cpucount'" + " / $cpucount " ], "type": "math" } From 6783e2e28b22f0dee8c7151dfb62891c2e33f6f7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:06:21 -0400 Subject: [PATCH 021/266] dont hide cpucount on dashboard --- salt/grafana/templates/cpucount.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json index 202ae7a49..08294aa2e 100644 --- a/salt/grafana/templates/cpucount.json +++ b/salt/grafana/templates/cpucount.json @@ -5,7 +5,7 @@ "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", "description": null, "error": null, - "hide": 2, + "hide": 0, "includeAll": false, "label": "CPU Count", "multi": false, From ab92fb3910bc78825a34b3e74aaa7d97f8131135 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:08:45 -0400 Subject: [PATCH 022/266] add cpucount to standalone --- salt/grafana/defaults.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 471d43c77..e8343131c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -31,6 +31,7 @@ grafana: - servername - manint - monint + - cpucount panels: cpu_usage_idle: enabled: true 
From f7d54186dd5ef21bb46bc411227082e82fec8244 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:11:33 -0400 Subject: [PATCH 023/266] remove all panels from standalone --- salt/grafana/defaults.yaml | 31 ++++++++++--------- .../panels/cpu_docker_combined.json.jinja | 4 +-- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index e8343131c..8f2e83013 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -33,18 +33,19 @@ grafana: - monint - cpucount panels: - cpu_usage_idle: - enabled: true - trend: true - gridPos: - h: 10 - w: 20 - x: 0 - y: 0 - cpu_usage_tasks: {} - disk_io: {} - disk_used_root: {} - disk_used_nsm: {} - elasticsearch_cpu_usage: {} - elasticsearch_documents_count: {} - elasticsearch_field_data_cache_size: {} + cpu_docker_combined: {} +# cpu_usage_idle: +# enabled: true +# trend: true +# gridPos: +# h: 10 +# w: 20 +# x: 0 +# y: 0 +# cpu_usage_tasks: {} +# disk_io: {} +# disk_used_root: {} +# disk_used_nsm: {} +# elasticsearch_cpu_usage: {} +# elasticsearch_documents_count: {} +# elasticsearch_field_data_cache_size: {} diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index e066f56b1..751f999d7 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -4,8 +4,8 @@ "gridPos": { "x": 0, "y": 0, - "w": 24, - "h": 14 + "w": 30, + "h": 15 }, "id": 78, "targets": [ From 8e366fd6339f1c3103b708d4d9b32cf8b67d955b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:27:51 -0400 Subject: [PATCH 024/266] add combined container mem panel --- .../panels/cpu_docker_combined.json.jinja | 4 +- .../memory_used_docker_combined.json.jinja | 538 ++++++++++++++++++ 2 files changed, 540 insertions(+), 2 deletions(-) create mode 100644 salt/grafana/panels/memory_used_docker_combined.json.jinja 
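Review bot: `"w": 30` in the `gridPos` hunk of `cpu_docker_combined.json.jinja` is wider than Grafana's 24-column dashboard grid, so the panel cannot be laid out at that width; `"w": 24` is already full width and was the value before this change. If the intent was only a taller panel, keep `"w": 24,` and change just `"h"`. The `defaults.yaml` hunk in the same commit leaves the previous panel list behind as commented-out YAML; deleting it and relying on history would read more cleanly.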
diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja index 751f999d7..39ff5395e 100644 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined.json.jinja @@ -1,11 +1,11 @@ { "type": "graph", - "title": "Panel Title", + "title": "Container CPU Usage", "gridPos": { "x": 0, "y": 0, "w": 30, - "h": 15 + "h": 10 }, "id": 78, "targets": [ diff --git a/salt/grafana/panels/memory_used_docker_combined.json.jinja b/salt/grafana/panels/memory_used_docker_combined.json.jinja new file mode 100644 index 000000000..386d0f19b --- /dev/null +++ b/salt/grafana/panels/memory_used_docker_combined.json.jinja 
@@ -0,0 +1,538 @@ +{ + "type": "graph", + "title": "Container Memory Usage", + "gridPos": { + "x": 0, + "y": 10, + "w": 30, + "h": 10 + }, + "id": 78, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-elasticsearch" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "hide": false, + "alias": "elasticsearch" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-filebeat" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "filebeat" + }, + { + "refId": "C", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-influxdb" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] 
+ }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "influxdb" + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-logstash" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "logstash" + }, + { + "refId": "E", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-zeek" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "alias": "zeek", + "measurement": "docker_container_mem" + }, + { + "refId": "F", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-suricata" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + 
"alias": "suricata" + }, + { + "refId": "G", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-steno" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "steno" + }, + { + "refId": "H", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-kibana" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "kibana" + }, + { + "refId": "I", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=", + "value": "so-redis" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "redis" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": 
"InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} From fec269c3e78009ca1b0f5bbf1b9d3e22c2939b30 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 8 Jul 2021 17:28:18 -0400 Subject: [PATCH 025/266] add combined container mem panel --- salt/grafana/defaults.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 8f2e83013..7e016415a 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -34,6 +34,7 @@ grafana: - cpucount panels: cpu_docker_combined: {} + memory_used_docker_combined: {} # cpu_usage_idle: # enabled: true # trend: true From fc8acac1a514c602a5a462f116975ac5459923d6 Mon Sep 17 00:00:00 2001 
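Review bot: Target F (`so-suricata`) in this new panel selects the field `"value"` while the other eight targets select `"usage_percent"`, so the Suricata memory series will likely come back empty or show a different metric; it should use `"usage_percent"` like the rest. On a sensor-health dashboard a silently missing Suricata line is easy to misread as an idle process, so this is worth fixing before the panel is relied on. Target A also keeps `"queryType": "randomWalk"`, which looks like a leftover editor default, and the panel reuses `"id": 78` from the CPU panel it was copied from, which would collide when both are rendered into the same dashboard.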
From: m0duspwnens
Date: Thu, 8 Jul 2021 17:39:34 -0400
Subject: [PATCH 026/266] change id
---
 salt/grafana/panels/cpu_docker_combined.json.jinja | 2 +-
 salt/grafana/panels/memory_used_docker_combined.json.jinja | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja
index 39ff5395e..4c15920d2 100644
--- a/salt/grafana/panels/cpu_docker_combined.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined.json.jinja
@@ -7,7 +7,7 @@
 "w": 30,
 "h": 10
 },
- "id": 78,
+ "id": 1,
 "targets": [
 {
 "refId": "A",
diff --git a/salt/grafana/panels/memory_used_docker_combined.json.jinja b/salt/grafana/panels/memory_used_docker_combined.json.jinja
index 386d0f19b..45a6eb62b 100644
--- a/salt/grafana/panels/memory_used_docker_combined.json.jinja
+++ b/salt/grafana/panels/memory_used_docker_combined.json.jinja
@@ -7,7 +7,7 @@
 "w": 30,
 "h": 10
 },
- "id": 78,
+ "id": 2,
 "targets": [
 {
 "refId": "A",
From dd199ea30fb6bea1eb04673d4b8576fd2c2b67b9 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 9 Jul 2021 10:00:47 -0400
Subject: [PATCH 027/266] remove quotes if pillar doesnt exist
---
 salt/telegraf/etc/telegraf.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index 43485d652..147ffc480 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -834,7 +834,7 @@
 # ## more about them here:
 # ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
 # data_format = "influx"
-{%- if salt['pillar.get']('healthcheck:enabled', 'False') %}
+{%- if salt['pillar.get']('healthcheck:enabled', False) %}
 [[inputs.file]]
 files = ["/host/nsm/zeek/logs/zeek_restart.log"]
 data_format = "influx"
From bac7ef71d826b3c786b239e2a1c289f114105071 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Fri, 9 Jul 2021 10:55:11 -0400
Subject: [PATCH 028/266] Add logscan.source.ips field
---
 salt/elasticsearch/files/ingest/logscan | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan
index 936d316f7..68c6aae44 100644
--- a/salt/elasticsearch/files/ingest/logscan
+++ b/salt/elasticsearch/files/ingest/logscan
@@ -8,6 +8,8 @@
 { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
 { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } },
 { "rename": { "field": "source_ip", "target_field": "source.ip" } },
+ { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}" } },
+ { "rename": { "field": "source_ips", "target_field": "logscan.source.ips" } },
 { "set": { "if": "model == kff", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } },
 { "set": { "if": "model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } },
 { "set": { "if": "model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } },
From bc814c9be6a6eea5c6279afa8cfdf87bc722248c Mon Sep 17 00:00:00 2001
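Review bot: The added `append` writes to `logsscan.source.ips` (extra `s`), while the commit subject and the `rename` on the next line use `logscan.source.ips`, so the single source IP lands in a field that no search or alert on `logscan.source.ips` will see; it should read `{ "append": { "field": "logscan.source.ips", "value": "{{{source.ip}}}" } },`. Once the name is fixed, the following `rename` targets a field that already exists, which the rename processor rejects, and it sets no `ignore_missing` for events that arrive without `source_ips`. Appending `source_ips` into the same field, or guarding the rename with an `if`, would avoid failing the event in either case. The processor list continues outside the hunk.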
From: m0duspwnens Date: Fri, 9 Jul 2021 11:21:06 -0400 Subject: [PATCH 029/266] new panels, add containers var, hide manint and monint var from dash --- salt/grafana/defaults.yaml | 7 +- salt/grafana/init.sls | 9 +- .../panels/cpu_docker_combined.json.jinja | 594 ------------------ .../cpu_docker_combined_current.json.jinja | 155 +++++ .../cpu_docker_combined_trend.json.jinja | 156 +++++ .../memory_used_docker_combined.json.jinja | 538 ---------------- ...ry_used_docker_combined_current.json.jinja | 149 +++++ ...mory_used_docker_combined_trend.json.jinja | 149 +++++ salt/grafana/templates/containers.json | 29 + salt/grafana/templates/cpucount.json | 2 +- salt/grafana/templates/manint.json | 2 +- salt/grafana/templates/monint.json | 2 +- 12 files changed, 647 insertions(+), 1145 deletions(-) delete mode 100644 salt/grafana/panels/cpu_docker_combined.json.jinja create mode 100644 salt/grafana/panels/cpu_docker_combined_current.json.jinja create mode 100644 salt/grafana/panels/cpu_docker_combined_trend.json.jinja delete mode 100644 salt/grafana/panels/memory_used_docker_combined.json.jinja create mode 100644 salt/grafana/panels/memory_used_docker_combined_current.json.jinja create mode 100644 salt/grafana/panels/memory_used_docker_combined_trend.json.jinja create mode 100644 salt/grafana/templates/containers.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 7e016415a..81ae5e9a2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -29,12 +29,15 @@ grafana: templating: list: - servername + - containers - manint - monint - cpucount panels: - cpu_docker_combined: {} - memory_used_docker_combined: {} + cpu_docker_combined_current: {} + cpu_docker_combined_trend: {} + memory_used_docker_combined_current: {} + memory_used_docker_combined_trend: {} # cpu_usage_idle: # enabled: true # trend: true diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index d481d55bf..777b7ca6d 100644 --- a/salt/grafana/init.sls 
+++ b/salt/grafana/init.sls @@ -114,11 +114,7 @@ grafana-config-files: - group: 939 - source: salt://grafana/etc/files - makedirs: True - -{% if salt['pillar.get']('standalonetab', False) %} -{% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} + common-standalone-dashboard: file.managed: - name: /opt/so/conf/grafana/grafana_dashboards/standalone/common_standalone.json @@ -130,9 +126,6 @@ common-standalone-dashboard: UID: so_overview PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} TEMPLATES: {{GRAFANA_SETTINGS.dashboards.standalone.templating.list}} -{% endfor %} -{% endif %} - so-grafana: docker_container.running: diff --git a/salt/grafana/panels/cpu_docker_combined.json.jinja b/salt/grafana/panels/cpu_docker_combined.json.jinja deleted file mode 100644 index 4c15920d2..000000000 --- a/salt/grafana/panels/cpu_docker_combined.json.jinja +++ /dev/null 
@@ -1,594 +0,0 @@ -{ - "type": "graph", - "title": "Container CPU Usage", - "gridPos": { - "x": 0, - "y": 0, - "w": 30, - "h": 10 - }, - "id": 1, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - " / $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "hide": false, - "alias": "elasticsearch" - }, - { - "refId": "B", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - " / $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "filebeat" - }, - { - "refId": "C", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - 
"operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - " / $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "influxdb" - }, - { - "refId": "D", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - " / $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "logstash" - }, - { - "refId": "E", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - "/ $cpucount " - ] - } - ] - ], - "alias": "zeek", - "measurement": "docker_container_cpu" - }, - { - "refId": "F", - "hide": false, - "policy": 
"default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - "/ $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "suricata" - }, - { - "refId": "G", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - "/ $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "steno" - }, - { - "refId": "H", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-kibana" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - "/ $cpucount " - ] - } - ] - ], - "measurement": 
"docker_container_cpu", - "alias": "kibana" - }, - { - "refId": "I", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "math", - "params": [ - "/ $cpucount " - ] - } - ] - ], - "measurement": "docker_container_cpu", - "alias": "redis" - } - ], - "options": { - "alertThreshold": true - }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} 
diff --git a/salt/grafana/panels/cpu_docker_combined_current.json.jinja b/salt/grafana/panels/cpu_docker_combined_current.json.jinja new file mode 100644 index 000000000..a2635f41a --- /dev/null +++ b/salt/grafana/panels/cpu_docker_combined_current.json.jinja 
@@ -0,0 +1,155 @@ +{ + "type": "graph", + "title": "Container CPU Usage Current", + "gridPos": { + "x": 0, + "y": 0, + "w": 24, + "h": 10 + }, + "id": 4, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " / $cpucount" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "$tag_container_name" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:315" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:316" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false, + "alignAsTable": false, + "rightSide": false, + "hideZero": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", 
+ "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja new file mode 100644 index 000000000..9a2af38ce --- /dev/null +++ b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja 
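Review bot: The new `cpu_docker_combined_current.json.jinja` still carries dashboard-export artifacts: `"queryType": "randomWalk"` on target A and the `"$$hashKey": "object:315"` / `"object:316"` entries under `yaxes`. Nothing in the InfluxDB target shown here appears to depend on them, and the same keys are repeated in `cpu_docker_combined_trend`, `memory_used_docker_combined_current` and `memory_used_docker_combined_trend`. I would delete these keys from all four templates so that the checked-in panel contains only what the query and rendering need, and later re-exports do not produce unrelated diff noise.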
@@ -0,0 +1,156 @@ +{ + "type": "graph", + "title": "Container CPU Usage Trend", + "gridPos": { + "x": 0, + "y": 10, + "w": 24, + "h": 10 + }, + "id": 6, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "so_long_term", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "mean_usage_percent" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + " / $cpucount" + ] + } + ] + ], + "measurement": "docker_container_cpu", + "alias": "$tag_container_name" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:315" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:316" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": true, + "alignAsTable": false, + "rightSide": false, + "hideZero": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": 
"individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": 1, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null, + "description": "" +} diff --git a/salt/grafana/panels/memory_used_docker_combined.json.jinja b/salt/grafana/panels/memory_used_docker_combined.json.jinja deleted file mode 100644 index 45a6eb62b..000000000 --- a/salt/grafana/panels/memory_used_docker_combined.json.jinja +++ /dev/null 
@@ -1,538 +0,0 @@ -{ - "type": "graph", - "title": "Container Memory Usage", - "gridPos": { - "x": 0, - "y": 10, - "w": 30, - "h": 10 - }, - "id": 2, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "hide": false, - "alias": "elasticsearch" - }, - { - "refId": "B", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "filebeat" - }, - { - "refId": "C", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - 
}, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "influxdb" - }, - { - "refId": "D", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "logstash" - }, - { - "refId": "E", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "alias": "zeek", - "measurement": "docker_container_mem" - }, - { - "refId": "F", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - 
"alias": "suricata" - }, - { - "refId": "G", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "steno" - }, - { - "refId": "H", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-kibana" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "kibana" - }, - { - "refId": "I", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "docker_container_mem", - "alias": "redis" - } - ], - "options": { - "alertThreshold": true - }, - "datasource": 
"InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja new file mode 100644 index 000000000..6e9df41fb --- /dev/null +++ b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja 
@@ -0,0 +1,149 @@ +{ + "type": "graph", + "title": "Container Memory Usage Current", + "gridPos": { + "x": 0, + "y": 20, + "w": 24, + "h": 10 + }, + "id": 5, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "$tag_container_name" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:315" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:316" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false, + "alignAsTable": false, + "rightSide": false, + "hideZero": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + 
"seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja new file mode 100644 index 000000000..ddbbafe28 --- /dev/null +++ b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja 
@@ -0,0 +1,149 @@ +{ + "type": "graph", + "title": "Container Memory Usage Trend", + "gridPos": { + "x": 0, + "y": 30, + "w": 24, + "h": 10 + }, + "id": 7, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "so_long_term", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "mean_usage_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "docker_container_mem", + "alias": "$tag_container_name" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:315" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:316" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": true, + "alignAsTable": false, + "rightSide": false, + "hideZero": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": 
{}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": 1, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/templates/containers.json b/salt/grafana/templates/containers.json new file mode 100644 index 000000000..9cecddf8e --- /dev/null +++ b/salt/grafana/templates/containers.json @@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host = '$servername') AND (_tagKey = 'container_name'))", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Docker Containers", + "multi": true, + "name": "containers", + "options": [], + "query": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host = '$servername') AND (_tagKey = 'container_name'))", + "refresh": 1, + "regex": "/so-*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json index 08294aa2e..202ae7a49 100644 --- a/salt/grafana/templates/cpucount.json +++ b/salt/grafana/templates/cpucount.json @@ -5,7 +5,7 @@ "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", "description": null, "error": null, - "hide": 0, + "hide": 2, "includeAll": false, "label": "CPU Count", "multi": false, diff --git a/salt/grafana/templates/manint.json b/salt/grafana/templates/manint.json index 8c0e65530..e1578b3d7 100644 --- a/salt/grafana/templates/manint.json +++ b/salt/grafana/templates/manint.json 
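Review bot: In `salt/grafana/templates/containers.json` the variable filter `"regex": "/so-*/"` is written like a glob. As a regular expression it matches `so` followed by zero or more hyphens anywhere in the value, so any container whose name merely contains `so` is offered in the `containers` variable and then passed into the `/^$containers$/` tag filter of the new panels. If the intent is to list only containers with the `so-` prefix, anchor the pattern: `"regex": "/^so-/"`.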
@@ -5,7 +5,7 @@ "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", "description": null, "error": null, - "hide": 0, + "hide": 2, "includeAll": false, "label": "Management Interface", "multi": false, diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json index 98098467f..68ceec062 100644 --- a/salt/grafana/templates/monint.json +++ b/salt/grafana/templates/monint.json @@ -5,7 +5,7 @@ "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", "description": null, "error": null, - "hide": 0, + "hide": 2, "includeAll": false, "label": "Monitor Interface", "multi": false, From beb7b89275ddf00d3ce4a85a60e775b3d835c72a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 14:13:00 -0400 Subject: [PATCH 030/266] yamlize the gridpos for panels --- salt/grafana/defaults.yaml | 14 ++++++++++++-- .../panels/cpu_docker_combined_current.json.jinja | 8 ++++---- .../panels/cpu_docker_combined_trend.json.jinja | 8 ++++---- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 81ae5e9a2..65d900644 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -34,8 +34,18 @@ grafana: - monint - cpucount panels: - cpu_docker_combined_current: {} - cpu_docker_combined_trend: {} + cpu_docker_combined_current: + gridPos: + x: 0 + y: 0 + h: 10 + w: 24 + cpu_docker_combined_trend: + gridPos: + x: 0 + y: 10 + h: 10 + w: 24 memory_used_docker_combined_current: {} memory_used_docker_combined_trend: {} # cpu_usage_idle: diff --git a/salt/grafana/panels/cpu_docker_combined_current.json.jinja b/salt/grafana/panels/cpu_docker_combined_current.json.jinja index a2635f41a..8e19e651c 100644 --- a/salt/grafana/panels/cpu_docker_combined_current.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_current.json.jinja 
@@ -2,10 +2,10 @@ "type": "graph", "title": "Container CPU Usage Current", "gridPos": { - "x": 0, - "y": 0, - "w": 24, - "h": 10 + "x": {{ PANELS.cpu_docker_combined_current.gridPos.x }}, + "y": {{ PANELS.cpu_docker_combined_current.gridPos.y }}, + "w": {{ PANELS.cpu_docker_combined_current.gridPos.w }}, + "h": {{ PANELS.cpu_docker_combined_current.gridPos.h }} }, "id": 4, "targets": [ diff --git a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja index 9a2af38ce..db27beac1 100644 --- a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja @@ -2,10 +2,10 @@ "type": "graph", "title": "Container CPU Usage Trend", "gridPos": { - "x": 0, - "y": 10, - "w": 24, - "h": 10 + "x": {{ PANELS.cpu_docker_combined_trend.gridPos.x }}, + "y": {{ PANELS.cpu_docker_combined_trend.gridPos.y }}, + "w": {{ PANELS.cpu_docker_combined_trend.gridPos.w }}, + "h": {{ PANELS.cpu_docker_combined_trend.gridPos.h }} }, "id": 6, "targets": [ From efaf53f2f7209de7c7efaa9acc9ca8eebcefd2c8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 15:13:50 -0400 Subject: [PATCH 031/266] add a panel header, change memeory usage panel --- salt/grafana/defaults.yaml | 24 +- .../cpu_docker_combined_current.json.jinja | 2 +- .../cpu_docker_combined_trend.json.jinja | 2 +- salt/grafana/panels/memory.json.jinja | 483 ------------------ .../panels/memory_usage_current.json.jinja | 146 ++++++ ...ry_used_docker_combined_current.json.jinja | 10 +- ...mory_used_docker_combined_trend.json.jinja | 10 +- .../panels/row_docker_details.json.jinja | 15 + 8 files changed, 193 insertions(+), 499 deletions(-) delete mode 100644 salt/grafana/panels/memory.json.jinja create mode 100644 salt/grafana/panels/memory_usage_current.json.jinja create mode 100644 salt/grafana/panels/row_docker_details.json.jinja 
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 65d900644..2463e4d23 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -34,20 +34,36 @@ grafana: - monint - cpucount panels: - cpu_docker_combined_current: + row_docker_details: gridPos: x: 0 y: 0 + h: 1 + w: 24 + cpu_docker_combined_current: + gridPos: + x: 0 + y: 1 h: 10 w: 24 cpu_docker_combined_trend: gridPos: x: 0 - y: 10 + y: 11 + h: 10 + w: 24 + memory_used_docker_combined_current: + gridPos: + x: 0 + y: 21 + h: 10 + w: 24 + memory_used_docker_combined_trend: + gridPos: + x: 0 + y: 31 h: 10 w: 24 - memory_used_docker_combined_current: {} - memory_used_docker_combined_trend: {} # cpu_usage_idle: # enabled: true # trend: true diff --git a/salt/grafana/panels/cpu_docker_combined_current.json.jinja b/salt/grafana/panels/cpu_docker_combined_current.json.jinja index 8e19e651c..b466ae65c 100644 --- a/salt/grafana/panels/cpu_docker_combined_current.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_current.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.cpu_docker_combined_current.gridPos.w }}, "h": {{ PANELS.cpu_docker_combined_current.gridPos.h }} }, - "id": 4, + "id": 2, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja index db27beac1..dc2c457e1 100644 --- a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.cpu_docker_combined_trend.gridPos.w }}, "h": {{ PANELS.cpu_docker_combined_trend.gridPos.h }} }, - "id": 6, + "id": 3, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/memory.json.jinja b/salt/grafana/panels/memory.json.jinja deleted file mode 100644 index 1a8d4d22a..000000000 --- a/salt/grafana/panels/memory.json.jinja +++ /dev/null 
@@ -1,483 +0,0 @@ -{ - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "dashLength": 10, - "datasource": "InfluxDB", - "editable": true, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 5, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "targets": [ - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Buffered Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY 
time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Cached Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Free Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"used\") FROM 
\"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Buffered Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Cached Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Free Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - 
"hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeRegions": [], - "title": "$servername - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "dashes": false, - "decimals": null, - "error": false, - "fillGradient": 0, - "hiddenSeries": false, - "linewidth": 0, - "percentage": false, - "points": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/memory_usage_current.json.jinja b/salt/grafana/panels/memory_usage_current.json.jinja new file mode 100644 index 000000000..b2d09ad59 --- /dev/null +++ b/salt/grafana/panels/memory_usage_current.json.jinja 
@@ -0,0 +1,146 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "x": {{ PANELS.memory_usage_current.gridPos.x }}, + "y": {{ PANELS.memory_usage_current.gridPos.y }}, + "w": {{ PANELS.memory_usage_current.gridPos.w }}, + "h": {{ PANELS.memory_usage_current.gridPos.h }} + }, + "height": "400", + "id": 12054, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "mem_inactive", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "msResolution": false, + 
"shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "hiddenSeries": false +} diff --git a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja index 6e9df41fb..2364c9c6c 100644 --- a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja @@ -2,12 +2,12 @@ "type": "graph", "title": "Container Memory Usage Current", "gridPos": { - "x": 0, - "y": 20, - "w": 24, - "h": 10 + "x": {{ PANELS.memory_used_docker_combined_current.gridPos.x }}, + "y": {{ PANELS.memory_used_docker_combined_current.gridPos.y }}, + "w": {{ PANELS.memory_used_docker_combined_current.gridPos.w }}, + "h": {{ PANELS.memory_used_docker_combined_current.gridPos.h }} }, - "id": 5, + "id": 4, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja index ddbbafe28..9493d2612 100644 --- a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja 
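Review bot: The raw query in the new memory_usage_current panel filters with `host =~ /$server$/`, which has no leading `^`, so any host whose name merely ends with the selected value is averaged into the same series; the other panels in this series anchor both ends with `/^$servername$/`. The variable name also differs from the `$servername` used elsewhere, and the later hunk for this file in patch 042 renames it but keeps the pattern unanchored. I would write the filter as `WHERE host =~ /^$servername$/ AND $timeFilter`. Because `rawQuery` is true the `"measurement": "mem_inactive"` field is presumably ignored, but it disagrees with the `FROM "mem"` in the query and is worth aligning.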
@@ -2,12 +2,12 @@ "type": "graph", "title": "Container Memory Usage Trend", "gridPos": { - "x": 0, - "y": 30, - "w": 24, - "h": 10 + "x": {{ PANELS.memory_used_docker_combined_trend.gridPos.x }}, + "y": {{ PANELS.memory_used_docker_combined_trend.gridPos.y }}, + "w": {{ PANELS.memory_used_docker_combined_trend.gridPos.w }}, + "h": {{ PANELS.memory_used_docker_combined_trend.gridPos.h }} }, - "id": 7, + "id": 5, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/row_docker_details.json.jinja b/salt/grafana/panels/row_docker_details.json.jinja new file mode 100644 index 000000000..29d87e7df --- /dev/null +++ b/salt/grafana/panels/row_docker_details.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_docker_details.gridPos.x }}, + "y": {{ PANELS.row_docker_details.gridPos.y }}, + "w": {{ PANELS.row_docker_details.gridPos.w }}, + "h": {{ PANELS.row_docker_details.gridPos.h }} + }, + "id": 1, + "panels": [], + "repeat": null, + "title": "Docker Details", + "type": "row" + } From d3137dc6b928d61dab760bcae465b2d8c01bc1e6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 15:43:51 -0400 Subject: [PATCH 032/266] add row panels --- salt/grafana/defaults.yaml | 23 ++++++++++++++++----- salt/grafana/panels/row_overview.json.jinja | 15 ++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) create mode 100644 salt/grafana/panels/row_overview.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 2463e4d23..fceb3f380 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -34,34 +34,47 @@ grafana: - monint - cpucount panels: - row_docker_details: + row_overview: gridPos: x: 0 y: 0 h: 1 w: 24 - cpu_docker_combined_current: + system_uptime: gridPos: x: 0 y: 1 + h: 4 + w: 4 + + row_docker_details: + gridPos: + x: 0 + y: 5 + h: 1 + w: 24 + cpu_docker_combined_current: + gridPos: + x: 0 + y: 6 h: 10 w: 24 cpu_docker_combined_trend: gridPos: x: 0 - y: 11 + y: 16 h: 10 w: 24 memory_used_docker_combined_current: gridPos: x: 0 - y: 21 + y: 26 h: 10 w: 24 memory_used_docker_combined_trend: gridPos: x: 0 - y: 31 + y: 36 h: 10 w: 24 # cpu_usage_idle: diff --git a/salt/grafana/panels/row_overview.json.jinja b/salt/grafana/panels/row_overview.json.jinja new file mode 100644 index 000000000..bbffcc7dc --- /dev/null +++ b/salt/grafana/panels/row_overview.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.overview.gridPos.x }}, + "y": {{ PANELS.overview.gridPos.y }}, + "w": {{ PANELS.overview.gridPos.w }}, + "h": {{ PANELS.overview.gridPos.h }} + }, + "id": 1, + "panels": [], + "repeat": null, + "title": "Overview", + "type": "row" + } From 6c1f424c0be9d35958138ff6ce1d206de70ac28b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 15:56:27 -0400 Subject: [PATCH 033/266] fix row_overview --- salt/grafana/panels/row_overview.json.jinja | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/row_overview.json.jinja b/salt/grafana/panels/row_overview.json.jinja index bbffcc7dc..d05a9394d 100644 --- a/salt/grafana/panels/row_overview.json.jinja +++ b/salt/grafana/panels/row_overview.json.jinja 
@@ -2,10 +2,10 @@ "collapsed": false, "datasource": null, "gridPos": { - "x": {{ PANELS.overview.gridPos.x }}, - "y": {{ PANELS.overview.gridPos.y }}, - "w": {{ PANELS.overview.gridPos.w }}, - "h": {{ PANELS.overview.gridPos.h }} + "x": {{ PANELS.row_overview.gridPos.x }}, + "y": {{ PANELS.row_overview.gridPos.y }}, + "w": {{ PANELS.row_overview.gridPos.w }}, + "h": {{ PANELS.row_overview.gridPos.h }} }, "id": 1, "panels": [], From f556d5c07dbfc4b759cd2643dcca8d14952eabd7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 15:58:45 -0400 Subject: [PATCH 034/266] change row id --- salt/grafana/panels/row_docker_details.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/row_docker_details.json.jinja b/salt/grafana/panels/row_docker_details.json.jinja index 29d87e7df..55eb4db93 100644 --- a/salt/grafana/panels/row_docker_details.json.jinja +++ b/salt/grafana/panels/row_docker_details.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.row_docker_details.gridPos.w }}, "h": {{ PANELS.row_docker_details.gridPos.h }} }, - "id": 1, + "id": 2, "panels": [], "repeat": null, "title": "Docker Details", From efcf0accc12d6aa6f4a4d79bd37b5a43eba3e410 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:01:57 -0400 Subject: [PATCH 035/266] change IDs --- salt/grafana/panels/cpu_docker_combined_current.json.jinja | 2 +- salt/grafana/panels/cpu_docker_combined_trend.json.jinja | 2 +- .../panels/memory_used_docker_combined_current.json.jinja | 2 +- .../grafana/panels/memory_used_docker_combined_trend.json.jinja | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/cpu_docker_combined_current.json.jinja b/salt/grafana/panels/cpu_docker_combined_current.json.jinja index b466ae65c..57d83cba5 100644 --- a/salt/grafana/panels/cpu_docker_combined_current.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_current.json.jinja 
@@ -7,7 +7,7 @@ "w": {{ PANELS.cpu_docker_combined_current.gridPos.w }}, "h": {{ PANELS.cpu_docker_combined_current.gridPos.h }} }, - "id": 2, + "id": 100, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja index dc2c457e1..f83b0bc8d 100644 --- a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_trend.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.cpu_docker_combined_trend.gridPos.w }}, "h": {{ PANELS.cpu_docker_combined_trend.gridPos.h }} }, - "id": 3, + "id": 101, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja index 2364c9c6c..8fb0a62cc 100644 --- a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_current.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.memory_used_docker_combined_current.gridPos.w }}, "h": {{ PANELS.memory_used_docker_combined_current.gridPos.h }} }, - "id": 4, + "id": 102, "targets": [ { "refId": "A", diff --git a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja index 9493d2612..d61bb8ff8 100644 --- a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.memory_used_docker_combined_trend.gridPos.w }}, "h": {{ PANELS.memory_used_docker_combined_trend.gridPos.h }} }, - "id": 5, + "id": 103, "targets": [ { "refId": "A", From fb8ccedf6684e266d664b34003a55ece1e84131e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:04:55 -0400 Subject: [PATCH 036/266] reduce height by 2 --- salt/grafana/defaults.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index fceb3f380..ca55fb56c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -57,25 +57,25 @@ grafana: gridPos: x: 0 y: 6 - h: 10 + h: 8 w: 24 cpu_docker_combined_trend: gridPos: x: 0 - y: 16 - h: 10 + y: 14 + h: 8 w: 24 memory_used_docker_combined_current: gridPos: x: 0 - y: 26 - h: 10 + y: 22 + h: 8 w: 24 memory_used_docker_combined_trend: gridPos: x: 0 - y: 36 - h: 10 + y: 30 + h: 8 w: 24 # cpu_usage_idle: # enabled: true From 33d3aef9f56f0b265ef83e8ae0d74017870451ab Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:14:25 -0400 Subject: [PATCH 037/266] yamlize gridpos --- salt/grafana/panels/system_uptime.json.jinja | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja index 318192edb..a90004ff8 100644 --- a/salt/grafana/panels/system_uptime.json.jinja +++ b/salt/grafana/panels/system_uptime.json.jinja @@ -18,10 +18,10 @@ "overrides": [] }, "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 + "x": {{ PANELS.system_uptime.gridPos.x }}, + "y": {{ PANELS.system_uptime.gridPos.y }}, + "w": {{ PANELS.system_uptime.gridPos.w }}, + "h": {{ PANELS.system_uptime.gridPos.h }} }, "id": 39, "options": { From 0fedb0f2c5d702599b5d619dff2d44df0b9d7b94 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:29:48 -0400 Subject: [PATCH 038/266] add 5 minute load avg panel --- salt/grafana/defaults.yaml | 7 +- .../panels/load_average_5_minute.json.jinja | 125 ++++++++++++++++++ 2 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/panels/load_average_5_minute.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index ca55fb56c..4cc11fd56 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -46,7 +46,12 @@ grafana: y: 1 h: 4 w: 4 - + load_average_5_minute: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 row_docker_details: gridPos: x: 0 diff --git a/salt/grafana/panels/load_average_5_minute.json.jinja b/salt/grafana/panels/load_average_5_minute.json.jinja new file mode 100644 index 000000000..9d6a23f71 --- /dev/null +++ b/salt/grafana/panels/load_average_5_minute.json.jinja 
@@ -0,0 +1,125 @@ +{ + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.load_average_5_minute.gridPos.x }}, + "y": {{ PANELS.load_average_5_minute.gridPos.y }}, + "w": {{ PANELS.load_average_5_minute.gridPos.w }}, + "h": {{ PANELS.load_average_5_minute.gridPos.h }} + }, + "height": "150", + "id": 61859, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "postfixFontSize": "50%", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load5" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ], + "orderByTime": "ASC" + } + ], + "thresholds": "'$cpucount'/2,'$cpucount'/1.5,'$cpucount'", + "title": "5 Minute Load Average", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "cacheTimeout": null, + "colorBackground": false, + "error": 
false, + "interval": null, + "nullText": null, + "postfix": "", + "prefix": "", + "tableColumn": "" +} From 9572c1f663da4f30b94a881800e6a7004da82a5d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:33:09 -0400 Subject: [PATCH 039/266] fix var --- salt/grafana/panels/load_average_5_minute.json.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/panels/load_average_5_minute.json.jinja b/salt/grafana/panels/load_average_5_minute.json.jinja index 9d6a23f71..260bfa179 100644 --- a/salt/grafana/panels/load_average_5_minute.json.jinja +++ b/salt/grafana/panels/load_average_5_minute.json.jinja @@ -92,13 +92,13 @@ { "key": "host", "operator": "=~", - "value": "/^$server$/" + "value": "/^$servername$/" } ], "orderByTime": "ASC" } ], - "thresholds": "'$cpucount'/2,'$cpucount'/1.5,'$cpucount'", + "thresholds": "$cpucount/2, $cpucount/1.5, $cpucount", "title": "5 Minute Load Average", "type": "singlestat", "valueFontSize": "80%", From 6fbafb74bdf98f4d405a887c98e6bf1ffa05eb32 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:45:02 -0400 Subject: [PATCH 040/266] update panel --- .../panels/load_average_5_minute.json.jinja | 120 ++++++++---------- 1 file changed, 54 insertions(+), 66 deletions(-) diff --git a/salt/grafana/panels/load_average_5_minute.json.jinja b/salt/grafana/panels/load_average_5_minute.json.jinja index 260bfa179..89b4c3413 100644 --- a/salt/grafana/panels/load_average_5_minute.json.jinja +++ b/salt/grafana/panels/load_average_5_minute.json.jinja 
@@ -1,20 +1,40 @@ { - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": $cpucount / 2 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": $cpucount / 1.5 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": $cpucount + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "id": 0, + "type": 2 + } + ], + "unit": "none", + "decimals": 1, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] }, "gridPos": { "x": {{ PANELS.load_average_5_minute.gridPos.x }}, @@ -22,37 +42,9 @@ "w": {{ PANELS.load_average_5_minute.gridPos.w }}, "h": {{ PANELS.load_average_5_minute.gridPos.h }} }, - "height": "150", "id": 61859, "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], "maxDataPoints": 100, - "nullPointMode": "connected", - "postfixFontSize": "50%", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, "targets": [ { "dsType": "influxdb", @@ -71,6 +63,7 @@ } ], "measurement": "system", + "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", 
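Review bot: The threshold steps in the new `fieldConfig.defaults.thresholds` block are written as bare expressions such as `"value": $cpucount / 2`, and since Jinja leaves `$cpucount` untouched the rendered file is not valid JSON. Patch 041 quotes them, but a quoted `"$cpucount / 1.5"` is a string, and as far as I know Grafana expects numeric step values and does not evaluate dashboard variables or arithmetic there, so the colour steps would likely never apply; this is worth confirming against the `"pluginVersion": "7.5.4"` the panel declares. A numeric step rendered from the pillar, the way `gridPos` already is, would keep the template valid, with the base step written as `"value": null`.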
@@ -94,32 +87,27 @@ "operator": "=~", "value": "/^$servername$/" } - ], - "orderByTime": "ASC" + ] } ], - "thresholds": "$cpucount/2, $cpucount/1.5, $cpucount", "title": "5 Minute Load Average", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" }, + "pluginVersion": "7.5.4", "cacheTimeout": null, - "colorBackground": false, - "error": false, - "interval": null, - "nullText": null, - "postfix": "", - "prefix": "", - "tableColumn": "" + "interval": null } From 0bde69b441c9aa27ab417656390bbfc85335e5fd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 9 Jul 2021 16:47:39 -0400 Subject: [PATCH 041/266] update panel --- salt/grafana/panels/load_average_5_minute.json.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/grafana/panels/load_average_5_minute.json.jinja b/salt/grafana/panels/load_average_5_minute.json.jinja index 89b4c3413..380c7735f 100644 --- a/salt/grafana/panels/load_average_5_minute.json.jinja +++ b/salt/grafana/panels/load_average_5_minute.json.jinja @@ -7,15 +7,15 @@ "steps": [ { "color": "rgba(50, 172, 45, 0.97)", - "value": $cpucount / 2 + "value": "$cpucount" }, { "color": "rgba(237, 129, 40, 0.89)", - "value": $cpucount / 1.5 + "value": "$cpucount / 1.5" }, { "color": "rgba(245, 54, 54, 0.9)", - "value": $cpucount + "value": "$cpucount" } ] }, From 28e33b413cc80a4d4b975b35daba058c2d8151fd Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Mon, 12 Jul 2021 10:17:23 -0400 Subject: [PATCH 042/266] add more panels for overview --- salt/grafana/defaults.yaml | 75 +++++++++- .../grafana/panels/cpu_usage_guage.json.jinja | 135 ++++++++++++++++++ .../panels/estimate_eps_singlestat.json.jinja | 126 ++++++++++++++++ .../panels/io_wait_singlestat.json.jinja | 132 +++++++++++++++++ ...ad_average_5_minute_singlestat.json.jinja} | 10 +- .../panels/memory_usage_current.json.jinja | 2 +- salt/grafana/panels/nsm_used_guage.json.jinja | 131 +++++++++++++++++ .../pcap_pcap_loss_singlestat.json.jinja | 125 ++++++++++++++++ .../grafana/panels/ram_usage_guage.json.jinja | 123 ++++++++++++++++ .../panels/rootfs_used_guage.json.jinja | 131 +++++++++++++++++ ...suricata_packet_loss_singlestat.json.jinja | 131 +++++++++++++++++ .../panels/swap_usage_guage.json.jinja | 124 ++++++++++++++++ .../zeek_packet_loss_singlestat.json.jinja | 131 +++++++++++++++++ 13 files changed, 1364 insertions(+), 12 deletions(-) create mode 100644 salt/grafana/panels/cpu_usage_guage.json.jinja create mode 100644 salt/grafana/panels/estimate_eps_singlestat.json.jinja create mode 100644 salt/grafana/panels/io_wait_singlestat.json.jinja rename salt/grafana/panels/{load_average_5_minute.json.jinja => load_average_5_minute_singlestat.json.jinja} (87%) create mode 100644 salt/grafana/panels/nsm_used_guage.json.jinja create mode 100644 salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja create mode 100644 salt/grafana/panels/ram_usage_guage.json.jinja create mode 100644 salt/grafana/panels/rootfs_used_guage.json.jinja create mode 100644 salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja create mode 100644 salt/grafana/panels/swap_usage_guage.json.jinja create mode 100644 salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 4cc11fd56..785d17e7c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -46,40 +46,103 @@ grafana: y: 1 h: 4 w: 4 - load_average_5_minute: + load_average_5_minute_singlestat: gridPos: x: 4 y: 1 h: 4 w: 4 - row_docker_details: + + zeek_packet_loss_singlestat: + gridPos: + x: 8 + y: 1 + h: 4 + w: 4 + suricata_packet_loss_singlestat: + gridPos: + x: 12 + y: 1 + h: 4 + w: 4 + pcap_packet_loss_singlestat: + gridPos: + x: 16 + y: 1 + h: 4 + w: 4 + estimated_eps_singlestat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + + io_wait_singlestat: gridPos: x: 0 y: 5 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 5 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 5 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 5 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 5 + h: 4 + w: 2 + + row_docker_details: + gridPos: + x: 0 + y: 9 h: 1 w: 24 cpu_docker_combined_current: gridPos: x: 0 - y: 6 + y: 10 h: 8 w: 24 cpu_docker_combined_trend: gridPos: x: 0 - y: 14 + y: 18 h: 8 w: 24 memory_used_docker_combined_current: gridPos: x: 0 - y: 22 + y: 26 h: 8 w: 24 memory_used_docker_combined_trend: gridPos: x: 0 - y: 30 + y: 34 h: 8 w: 24 # cpu_usage_idle: diff --git a/salt/grafana/panels/cpu_usage_guage.json.jinja b/salt/grafana/panels/cpu_usage_guage.json.jinja new file mode 100644 index 000000000..e6b691be8 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_guage.json.jinja 
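Review bot: `swap_usage_guage` is placed at `x: 12`, `y: 1`, which is the cell this same hunk gives to `suricata_packet_loss_singlestat`, while the gauges added beside it (`cpu_usage_guage`, `ram_usage_guage`, `rootfs_used_guage`, `nsm_used_guage`) all sit on `y: 5`; this looks like a typo for `y: 5`. The key `pcap_packet_loss_singlestat` does not match the new file name `pcap_pcap_loss_singlestat.json.jinja` in the diffstat, and `estimated_eps_singlestat` differs from `estimate_eps_singlestat.json.jinja`, so if panels are located by key the lookups may miss, though the loader is not visible from here. The recurring `guage` spelling in keys and file names is presumably meant to be `gauge`, and is cheaper to correct now than after dashboards depend on it.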
@@ -0,0 +1,135 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.cpu_usage_guage.gridPos.x }}, + "y": {{ PANELS.cpu_usage_guage.gridPos.y }}, + "w": {{ PANELS.cpu_usage_guage.gridPos.w }}, + "h": {{ PANELS.cpu_usage_guage.gridPos.h }} + }, + "height": "150", + "id": 9, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": "70,80,90", + "title": "CPU usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + 
"op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} diff --git a/salt/grafana/panels/estimate_eps_singlestat.json.jinja b/salt/grafana/panels/estimate_eps_singlestat.json.jinja new file mode 100644 index 000000000..d4c13ecc1 --- /dev/null +++ b/salt/grafana/panels/estimate_eps_singlestat.json.jinja 
@@ -0,0 +1,126 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.estimated_eps_singlestat.gridPos.x }}, + "y": {{ PANELS.estimated_eps_singlestat.gridPos.y }}, + "w": {{ PANELS.estimated_eps_singlestat.gridPos.w }}, + "h": {{ PANELS.estimated_eps_singlestat.gridPos.h }} + }, + "height": "150", + "id": 23, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "eps" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": "", + "title": "Estimated EPS", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": 
"null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} diff --git a/salt/grafana/panels/io_wait_singlestat.json.jinja b/salt/grafana/panels/io_wait_singlestat.json.jinja new file mode 100644 index 000000000..3e35d0d02 --- /dev/null +++ b/salt/grafana/panels/io_wait_singlestat.json.jinja 
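Review bot: The Estimated EPS panel sets `"format": "percent"`, but the selected field is `eps` from the `consumptioneps` measurement, so an events-per-second count would be shown with a percent sign; `"format": "none"` or `"format": "short"` reads correctly. The `"queryType": "randomWalk"` entry and the `"gauge"` block with `"maxValue": 100` look like leftovers from the panel this was copied from and could be dropped. The `host` tag here uses `=` with `$servername`, whereas the CPU and IOWait panels added in this patch use `=~` with `/^$servername$/`; the two forms behave differently if the variable ever holds more than one value, so it is worth settling on one.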
@@ -0,0 +1,132 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.io_wait_singlestat.gridPos.x }}, + "y": {{ PANELS.io_wait_singlestat.gridPos.y }}, + "w": {{ PANELS.io_wait_singlestat.gridPos.w }}, + "h": {{ PANELS.io_wait_singlestat.gridPos.h }} + }, + "height": "150", + "id": 61867, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + 
"key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": "30,40,50", + "title": "IOWait", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} diff --git a/salt/grafana/panels/load_average_5_minute.json.jinja b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja similarity index 87% rename from salt/grafana/panels/load_average_5_minute.json.jinja rename to salt/grafana/panels/load_average_5_minute_singlestat.json.jinja index 380c7735f..082e114bc 100644 --- a/salt/grafana/panels/load_average_5_minute.json.jinja +++ b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja @@ -7,7 +7,7 @@ "steps": [ { "color": "rgba(50, 172, 45, 0.97)", - "value": "$cpucount" + "value": "$cpucount / 2" }, { "color": "rgba(237, 129, 40, 0.89)", @@ -37,10 +37,10 @@ "overrides": [] }, "gridPos": { - "x": {{ PANELS.load_average_5_minute.gridPos.x }}, - "y": {{ PANELS.load_average_5_minute.gridPos.y }}, - "w": {{ PANELS.load_average_5_minute.gridPos.w }}, - "h": {{ PANELS.load_average_5_minute.gridPos.h }} + "x": {{ PANELS.load_average_5_minute_singlestat.gridPos.x }}, + "y": {{ PANELS.load_average_5_minute_singlestat.gridPos.y }}, + "w": {{ PANELS.load_average_5_minute_singlestat.gridPos.w }}, + "h": {{ PANELS.load_average_5_minute_singlestat.gridPos.h }} }, "id": 61859, "links": [], diff --git a/salt/grafana/panels/memory_usage_current.json.jinja b/salt/grafana/panels/memory_usage_current.json.jinja index b2d09ad59..7fce708ba 100644 --- a/salt/grafana/panels/memory_usage_current.json.jinja +++ b/salt/grafana/panels/memory_usage_current.json.jinja 
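Review bot: The IOWait panel lists its `"colors"` as red, orange, green, the reverse of the order used in `cpu_usage_guage.json.jinja`, so if `colorValue` is ever switched on a high IOWait would presumably render green. I would use the same order as the CPU gauge, `"rgba(50, 172, 45, 0.97)", "rgba(237, 129, 40, 0.89)", "rgba(245, 54, 54, 0.9)"`. The stored `"query"` string still computes `non_negative_derivative(mean("usage_iowait"), 1s)` while `"rawQuery": false` and the `select` block take `last` of `usage_iowait`; removing or updating the stale string avoids a different result if someone toggles raw mode.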
@@ -75,7 +75,7 @@
 ],
 "measurement": "mem_inactive",
 "policy": "default",
- "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc",
+ "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc",
 "rawQuery": true,
 "refId": "A",
 "resultFormat": "time_series",
diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja
new file mode 100644
index 000000000..5aabb921f
--- /dev/null
+++ b/salt/grafana/panels/nsm_used_guage.json.jinja
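Review bot: The host filter in the new `query` line is anchored only at the end, `host =~ /$servername$/`, so it matches every host whose name ends with the selected value (selecting `sensor1` would also return a host named `dev-sensor1`; both names are constructed for illustration). Because this target has `"rawQuery": true`, the string is what actually runs, and the builder-mode panels elsewhere in this patch use `/^$servername$/`. I would write `WHERE host =~ /^$servername$/` so the memory panel cannot show another node's series next to the selected one. The target object starts and ends outside the hunk.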
@@ -0,0 +1,131 @@ +{ + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.nsm_used_guage.gridPos.x }}, + "y": {{ PANELS.nsm_used_guage.gridPos.y }}, + "w": {{ PANELS.nsm_used_guage.gridPos.w }}, + "h": {{ PANELS.nsm_used_guage.gridPos.h }} + }, + "height": "150", + "id": 12, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "postfixFontSize": "50%", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ], + "orderByTime": "ASC" + } + ], + "thresholds": "70,80,90", + "title": "RootFS used", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "cacheTimeout": null, + "colorBackground": false, + 
"decimals": 0, + "error": false, + "interval": null, + "nullText": null, + "postfix": "", + "prefix": "", + "tableColumn": "" +} diff --git a/salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja b/salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja new file mode 100644 index 000000000..cafc5d628 --- /dev/null +++ b/salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja 
@@ -0,0 +1,125 @@
+{
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "InfluxDB",
+ "decimals": 2,
+ "editable": true,
+ "error": false,
+ "format": "percent",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "x": {{ PANELS.pcap_packet_loss_singlestat.gridPos.x }},
+ "y": {{ PANELS.pcap_packet_loss_singlestat.gridPos.y }},
+ "w": {{ PANELS.pcap_packet_loss_singlestat.gridPos.w }},
+ "h": {{ PANELS.pcap_packet_loss_singlestat.gridPos.h }}
+ },
+ "height": "150",
+ "id": 23,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "dsType": "influxdb",
+ "groupBy": [
+ {
+ "params": [
+ "$interval"
+ ],
+ "type": "time"
+ },
+ {
+ "params": [
+ "null"
+ ],
+ "type": "fill"
+ }
+ ],
+ "measurement": "stenodrop",
+ "orderByTime": "ASC",
+ "policy": "default",
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "drop"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "last"
+ }
+ ]
+ ],
+ "tags": [
+ {
+ "key": "host",
+ "operator": "=",
+ "value": "$servername"
+ }
+ ]
+ }
+ ],
+ "thresholds": ".5,3,5",
+ "title": "PCAP Packet Loss",
+ "type": "singlestat",
+ "valueFontSize": "100%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ }
+}
diff --git a/salt/grafana/panels/ram_usage_guage.json.jinja b/salt/grafana/panels/ram_usage_guage.json.jinja
new file mode 100644
index 000000000..c1d05ab5a
--- /dev/null
+++ b/salt/grafana/panels/ram_usage_guage.json.jinja
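Review bot: The `select` for the `stenodrop` measurement stops at `last`, while the Suricata and Zeek packet-loss panels added in this same patch append a `math` step of `* 100` before showing the value with the same `"format": "percent"` and `"thresholds": ".5,3,5"`. If `stenodrop` reports a 0–1 fraction the way the other two measurements appear to, this panel understates PCAP loss by a factor of 100 and none of the thresholds can trip; if it already reports a percentage, a line in the commit message saying so would save the next reader the comparison. This needs checking against whatever writes `stenodrop`, which is not part of this patch.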
@@ -0,0 +1,123 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.ram_usage_guage.gridPos.x }}, + "y": {{ PANELS.ram_usage_guage.gridPos.y }}, + "w": {{ PANELS.ram_usage_guage.gridPos.w }}, + "h": {{ PANELS.ram_usage_guage.gridPos.h }} + }, + "height": "150", + "id": 61860, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "thresholds": "70,80,90", + "title": "RAM usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} 
diff --git a/salt/grafana/panels/rootfs_used_guage.json.jinja b/salt/grafana/panels/rootfs_used_guage.json.jinja new file mode 100644 index 000000000..25968299c --- /dev/null +++ b/salt/grafana/panels/rootfs_used_guage.json.jinja 
@@ -0,0 +1,131 @@ +{ + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.rootfs_used_guage.gridPos.x }}, + "y": {{ PANELS.rootfs_used_guage.gridPos.y }}, + "w": {{ PANELS.rootfs_used_guage.gridPos.w }}, + "h": {{ PANELS.rootfs_used_guage.gridPos.h }} + }, + "height": "150", + "id": 61866, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "postfixFontSize": "50%", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ], + "orderByTime": "ASC" + } + ], + "thresholds": "70,80,90", + "title": "RootFS used", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "cacheTimeout": null, + "colorBackground": 
false, + "decimals": 0, + "error": false, + "interval": null, + "nullText": null, + "postfix": "", + "prefix": "", + "tableColumn": "" +} diff --git a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja new file mode 100644 index 000000000..35c00939a --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja 
@@ -0,0 +1,131 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.suricata_packet_loss_singlestat.gridPos.x }}, + "y": {{ PANELS.suricata_packet_loss_singlestat.gridPos.y }}, + "w": {{ PANELS.suricata_packet_loss_singlestat.gridPos.w }}, + "h": {{ PANELS.suricata_packet_loss_singlestat.gridPos.h }} + }, + "height": "150", + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": ".5,3,5", + "title": "Suricata Packet Loss", + "type": "singlestat", + "valueFontSize": "100%", + 
"valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} diff --git a/salt/grafana/panels/swap_usage_guage.json.jinja b/salt/grafana/panels/swap_usage_guage.json.jinja new file mode 100644 index 000000000..6667a3445 --- /dev/null +++ b/salt/grafana/panels/swap_usage_guage.json.jinja 
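Review bot: The `tags` filter in the new suricata_packet_loss_singlestat.json.jinja uses `"operator": "="` with `"value": "$servername"`, whereas the gauge panels in this patch (`ram_usage_guage`, `swap_usage_guage`, `rootfs_used_guage`, `nsm_used_guage`) use `"operator": "=~"` with `"value": "/^$servername$/"`. If `servername` is ever a multi-value or "All" variable, the equality form is unlikely to match any host and the panel falls back to N/A, which on a packet-loss panel is easy to misread as "nothing to report". The same filter appears in the pcap, zeek, monitor_traffic and pcap_retention singlestat files; I would use the anchored regex form in all of them so host selection behaves the same across the overview row.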
@@ -0,0 +1,124 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.swap_usage_guage.gridPos.x }}, + "y": {{ PANELS.swap_usage_guage.gridPos.y }}, + "w": {{ PANELS.swap_usage_guage.gridPos.w }}, + "h": {{ PANELS.swap_usage_guage.gridPos.h }} + }, + "height": "150", + "id": 61863, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "swap", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "thresholds": "50,70,90", + "title": "Swap usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + 
"overrides": [] + } +} diff --git a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja new file mode 100644 index 000000000..cbea2b6f2 --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja 
@@ -0,0 +1,131 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.zeek_packet_loss_singlestat.gridPos.x }}, + "y": {{ PANELS.zeek_packet_loss_singlestat.gridPos.y }}, + "w": {{ PANELS.zeek_packet_loss_singlestat.gridPos.w }}, + "h": {{ PANELS.zeek_packet_loss_singlestat.gridPos.h }} + }, + "height": "150", + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": ".5,3,5", + "title": "Zeek Packet Loss", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + 
"op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} From e8eecc8bc1f8d9bab55cdad6a08b72d679196fd7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 10:22:25 -0400 Subject: [PATCH 043/266] rename file --- ...nglestat.json.jinja => pcap_packet_loss_singlestat.json.jinja} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/grafana/panels/{pcap_pcap_loss_singlestat.json.jinja => pcap_packet_loss_singlestat.json.jinja} (100%) diff --git a/salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja similarity index 100% rename from salt/grafana/panels/pcap_pcap_loss_singlestat.json.jinja rename to salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja From 7474b451cab39d16e159097301b7d7a42e004e7a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 10:24:12 -0400 Subject: [PATCH 044/266] rename file --- ..._singlestat.json.jinja => estimated_eps_singlestat.json.jinja} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/grafana/panels/{estimate_eps_singlestat.json.jinja => estimated_eps_singlestat.json.jinja} (100%) diff --git a/salt/grafana/panels/estimate_eps_singlestat.json.jinja b/salt/grafana/panels/estimated_eps_singlestat.json.jinja similarity index 100% rename from salt/grafana/panels/estimate_eps_singlestat.json.jinja rename to salt/grafana/panels/estimated_eps_singlestat.json.jinja From 694db81b80b890ef27e1139e454c3e254b3b8791 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 10:29:09 -0400 Subject: [PATCH 045/266] fix locations and panel ids --- salt/grafana/defaults.yaml | 2 +- salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja | 2 +- salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
index 785d17e7c..02fb3eafa 100644
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml
@@ -99,7 +99,7 @@ grafana:
 swap_usage_guage:
 gridPos:
 x: 12
- y: 1
+ y: 5
 h: 4
 w: 2
 rootfs_used_guage:
diff --git a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja
index cafc5d628..94f4b883f 100644
--- a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja
+++ b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja
@@ -26,7 +26,7 @@
 "h": {{ PANELS.pcap_packet_loss_singlestat.gridPos.h }}
 },
 "height": "150",
- "id": 23,
+ "id": 22,
 "interval": null,
 "links": [],
 "mappingType": 1,
diff --git a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja
index 35c00939a..549899008 100644
--- a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja
+++ b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja
@@ -26,7 +26,7 @@
 "h": {{ PANELS.suricata_packet_loss_singlestat.gridPos.h }}
 },
 "height": "150",
- "id": 21,
+ "id": 20,
 "interval": null,
 "links": [],
 "mappingType": 1,
From 860b8bf94537c78f85b8fb31a10e38358bcd8b6b Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 12 Jul 2021 10:34:39 -0400
Subject: [PATCH 046/266] panel changes
---
 .../panels/estimated_eps_singlestat.json.jinja | 12 +++---------
 salt/grafana/panels/nsm_used_guage.json.jinja | 4 ++--
 2 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/salt/grafana/panels/estimated_eps_singlestat.json.jinja b/salt/grafana/panels/estimated_eps_singlestat.json.jinja
index d4c13ecc1..e2dee3398 100644
--- a/salt/grafana/panels/estimated_eps_singlestat.json.jinja
+++ b/salt/grafana/panels/estimated_eps_singlestat.json.jinja
@@ -8,17 +8,11 @@ "rgba(50, 172, 45, 0.97)" ], "datasource": "InfluxDB", - "decimals": 2, + "decimals": 0, "editable": true, "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, + "format": "short", + "gauge": {}, "gridPos": { "x": {{ PANELS.estimated_eps_singlestat.gridPos.x }}, "y": {{ PANELS.estimated_eps_singlestat.gridPos.y }}, diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja index 5aabb921f..e6ae2d2b5 100644 --- a/salt/grafana/panels/nsm_used_guage.json.jinja +++ b/salt/grafana/panels/nsm_used_guage.json.jinja @@ -103,8 +103,8 @@ "orderByTime": "ASC" } ], - "thresholds": "70,80,90", - "title": "RootFS used", + "thresholds": "70,80,95", + "title": "NSM used", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ From 619022ef7f090a5e573601091ca1cb33df02bbde Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 11:09:23 -0400 Subject: [PATCH 047/266] 2 new panels to overview --- salt/grafana/defaults.yaml | 12 ++ .../monitor_traffic_singlestat.json.jinja | 137 ++++++++++++++++++ .../pcap_retention_singlestat.json.jinja | 126 ++++++++++++++++ 3 files changed, 275 insertions(+) create mode 100644 salt/grafana/panels/monitor_traffic_singlestat.json.jinja create mode 100644 salt/grafana/panels/pcap_retention_singlestat.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 02fb3eafa..21f421571 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -84,6 +84,12 @@ grafana: y: 5 h: 4 w: 4 + monitor_traffic_singlestat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 cpu_usage_guage: gridPos: x: 8 @@ -114,6 +120,12 @@ grafana: y: 5 h: 4 w: 2 + pcap_retention_singlestat: + gridPos: + x: 18 + y: 5 + h: 4 + w: 2 row_docker_details: gridPos: 
diff --git a/salt/grafana/panels/monitor_traffic_singlestat.json.jinja b/salt/grafana/panels/monitor_traffic_singlestat.json.jinja new file mode 100644 index 000000000..8a7985a59 --- /dev/null +++ b/salt/grafana/panels/monitor_traffic_singlestat.json.jinja 
@@ -0,0 +1,137 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "format": "bps", + "gauge": {}, + "gridPos": { + "x": {{ PANELS.monitor_traffic_singlestat.gridPos.x }}, + "y": {{ PANELS.monitor_traffic_singlestat.gridPos.y }}, + "w": {{ PANELS.monitor_traffic_singlestat.gridPos.w }}, + "h": {{ PANELS.monitor_traffic_singlestat.gridPos.h }} + }, + "height": "150", + "id": 24, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$monint" + } + ] + } + ], + "thresholds": ".5,3,5", + "title": "Monitor Traffic", + "type": "singlestat", + 
"valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + } +} diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja new file mode 100644 index 000000000..80cb8dedb --- /dev/null +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja 
@@ -0,0 +1,126 @@ +{ + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "x": {{ PANELS.pcap_retention_singlestat.gridPos.x }}, + "y": {{ PANELS.pcap_retention_singlestat.gridPos.y }}, + "w": {{ PANELS.pcap_retention_singlestat.gridPos.w }}, + "h": {{ PANELS.pcap_retention_singlestat.gridPos.h }} + }, + "height": "150", + "id": 26, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "postfixFontSize": "50%", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "orderByTime": "ASC" + } + ], + "thresholds": "", + "title": "PCAP Retention", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "cacheTimeout": null, + "colorBackground": false, + "decimals": 0, + "error": false, + 
"interval": null, + "nullText": null, + "postfix": "", + "prefix": "", + "tableColumn": "" +} From c4ff8f687615ed5e45dd1541c8b6d18797dcc489 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 11:12:28 -0400 Subject: [PATCH 048/266] convert seconds to days --- salt/grafana/panels/pcap_retention_singlestat.json.jinja | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja index 80cb8dedb..31bc16747 100644 --- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja @@ -82,9 +82,15 @@ ], "type": "field" }, + { + "params": [ + "/86400" + ], + "type": "math" + } { "params": [], - "type": "mean" + "type": "last" } ] ], From cebc2ef09d7079069c18bfbabf63d5448c35e518 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 11:13:32 -0400 Subject: [PATCH 049/266] add missing , --- salt/grafana/panels/pcap_retention_singlestat.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja index 31bc16747..fcec778fc 100644 --- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja @@ -87,7 +87,7 @@ "/86400" ], "type": "math" - } + }, { "params": [], "type": "last" From b46456b78e1cb7d7fc23c52e5a1f1d493ff375a4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 11:16:33 -0400 Subject: [PATCH 050/266] move math, add 2 decimal spot --- .../panels/pcap_retention_singlestat.json.jinja | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja index fcec778fc..3294ed808 100644 
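Review bot: The target object in the new pcap_retention_singlestat.json.jinja (PATCH 047) carries `"orderByTime": "ASC"` twice, once right after `"measurement": "pcapage"` and again after the `tags` array. Lenient JSON parsers typically keep one of the duplicates without complaint, so the panel loads, but strict parsers and linters reject duplicate keys, and a later edit to the copy that is not kept will appear to have no effect. I would delete the second occururrence after `tags` so the target matches the key order used in the other singlestat files.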
--- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja @@ -82,15 +82,15 @@ ], "type": "field" }, + { + "params": [], + "type": "last" + }, { "params": [ "/86400" ], "type": "math" - }, - { - "params": [], - "type": "last" } ] ], @@ -122,7 +122,7 @@ }, "cacheTimeout": null, "colorBackground": false, - "decimals": 0, + "decimals": 2, "error": false, "interval": null, "nullText": null, From 19d925871783be08ae781f433b8d699d6569bfbe Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 11:22:48 -0400 Subject: [PATCH 051/266] add postfix , change color --- salt/grafana/panels/pcap_retention_singlestat.json.jinja | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja index 3294ed808..0bb908d76 100644 --- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja @@ -1,7 +1,7 @@ { "colorValue": true, "colors": [ - "rgba(50, 172, 45, 0.97)", + "rgba(255, 255, 255, 0.97)", "rgba(237, 129, 40, 0.89)", "rgba(245, 54, 54, 0.9)" ], @@ -37,6 +37,7 @@ ], "maxDataPoints": 100, "nullPointMode": "connected", + "postfix": " days", "postfixFontSize": "50%", "prefixFontSize": "50%", "rangeMaps": [ From 8491ffde07e210a53e6d15f3cbfd9630ea24bf76 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Mon, 12 Jul 2021 14:18:54 -0400 Subject: [PATCH 052/266] add docker container network usage graphs --- salt/grafana/dashboards/sysdash.json | 12982 ++++++++++++++++ salt/grafana/defaults.yaml | 35 +- ..._docker_combined_current_graph.json.jinja} | 8 +- ...pu_docker_combined_trend_graph.json.jinja} | 8 +- ...oad_average_5_minute_singlestat.json.jinja | 2 +- ..._docker_combined_current_graph.json.jinja} | 8 +- ...ed_docker_combined_trend_graph.json.jinja} | 8 +- ...e_docker_combined_current_graph.json.jinja | 231 + ...ocker_combined_trend_graph.json copy.jinja | 231 + 9 files changed, 13477 insertions(+), 36 deletions(-) create mode 100644 salt/grafana/dashboards/sysdash.json rename salt/grafana/panels/{cpu_docker_combined_current.json.jinja => cpu_docker_combined_current_graph.json.jinja} (91%) rename salt/grafana/panels/{cpu_docker_combined_trend.json.jinja => cpu_docker_combined_trend_graph.json.jinja} (91%) rename salt/grafana/panels/{memory_used_docker_combined_current.json.jinja => memory_used_docker_combined_current_graph.json.jinja} (90%) rename salt/grafana/panels/{memory_used_docker_combined_trend.json.jinja => memory_used_docker_combined_trend_graph.json.jinja} (90%) create mode 100644 salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja create mode 100644 salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja diff --git a/salt/grafana/dashboards/sysdash.json b/salt/grafana/dashboards/sysdash.json new file mode 100644 index 000000000..a942df647 --- /dev/null +++ b/salt/grafana/dashboards/sysdash.json 
@@ -0,0 +1,12982 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "InfluxDB dashboards for telegraf metrics", + "editable": true, + "gnetId": 928, + "graphTooltip": 1, + "id": 10, + "iteration": 1625856234816, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 62044, + "panels": [], + "repeat": null, + "title": "Quick overview", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "s", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 1 + }, + "height": "150", + "id": 61858, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "policy": 
"default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "uptime" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "", + "title": "Uptime", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 4, + "y": 1 + }, + "height": "150", + "id": 61859, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load5" + ], + "type": "field" + }, + { + "params": [], + "type": 
"last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "4,8,12", + "title": "LA medium", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 6, + "y": 1 + }, + "height": "150", + "id": 61862, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "zombies" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "1,5,10", + "title": 
"Zombies", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 8, + "y": 1 + }, + "height": "150", + "id": 61864, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "1,5,10", + "title": "Processes", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 10, + "y": 1 + }, + "height": "150", + "id": 61865, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "1,5,10", + "title": "Threads", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 
129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 12, + "y": 1 + }, + "height": "150", + "id": 61861, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": "70,80,90", + "title": "CPU usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + 
"rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 14, + "y": 1 + }, + "height": "150", + "id": 61860, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "70,80,90", + "title": "RAM usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": 
[] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 16, + "y": 1 + }, + "height": "150", + "id": 61863, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "swap", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": "50,70,90", + "title": "Swap usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + "h": 4, + "w": 2, + "x": 18, + "y": 1 + }, + "height": "150", + "id": 61866, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "disk", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ] + } + ], + "thresholds": "70,80,90", + "title": "RootFS used", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + 
"y": 1 + }, + "height": "150", + "id": 61867, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$server$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": "30,40,50", + "title": "IOWait", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 5 + }, + "id": 62045, + "panels": [], + "repeat": null, + "title": "CPU", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + 
"defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 6 + }, + "height": "300", + "hiddenSeries": false, + "id": 28239, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + 
"value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 14 + }, + "height": "350", + "hiddenSeries": false, + "id": 54694, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "system_load1", + "policy": "default", + "query": "SELECT mean(load1) as short,mean(load5) as medium,mean(load15) as long FROM \"system\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + 
], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load averages", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 14 + }, + "height": "350", + "hiddenSeries": false, + "id": 61852, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as 
unknown FROM \"processes\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Processes", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 62046, + "panels": [], + "repeat": null, + "title": "Memory", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 24 + }, + "height": "400", + "hiddenSeries": false, + "id": 12054, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + 
"pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "mem_inactive", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 34 + }, + "id": 62047, + "panels": [], + "repeat": null, + "title": "Kernel", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + 
"links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 35 + }, + "height": "", + "hiddenSeries": false, + "id": 61855, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(context_switches),1s)as \"context switches\" FROM \"kernel\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Context switches", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": 
true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 35 + }, + "height": "", + "hiddenSeries": false, + "id": 61960, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "kernel", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(processes_forked),1s) as forks FROM \"kernel\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "processes_forked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Forks", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": 
true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 35 + }, + "height": "", + "hiddenSeries": false, + "id": 62042, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/max/", + "color": "#890F02", + "fill": 0 + }, + { + "alias": "/opened/", + "color": "#0A437C" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "kernel", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"file-max\") as max FROM \"linux_sysctl_fs\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "processes_forked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + 
"operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "kernel", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(\"file-nr\") as opened FROM \"linux_sysctl_fs\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "processes_forked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "File descriptors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 42 + }, + "id": 62048, + "panels": [], + "repeat": null, + "title": "Interrupts", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 43 + }, + "hiddenSeries": false, + "id": 62043, + "legend": { + "alignAsTable": true, + "avg": false, + 
"current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_irq", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "irq" + ], + "type": "tag" + }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "interrupts", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Interrupts", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 62049, + 
"panels": [], + "repeat": null, + "title": "Per-cpu usage", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 51 + }, + "height": "", + "id": 61868, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "cpu", + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu0", + "value": "cpu0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { 
+ "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 51 + }, + "height": "", + "id": 62058, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu1", + "value": "cpu1" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], 
+ "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 51 + }, + "height": "", + "id": 62059, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", 
+ "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu2", + "value": "cpu2" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + 
"min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 51 + }, + "height": "", + "id": 62060, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu3", + "value": "cpu3" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + 
"refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 58 + }, + "height": "", + "id": 62061, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu4", + "value": "cpu4" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", 
+ "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 58 + }, + "height": "", + "id": 62062, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + 
"min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu5", + "value": "cpu5" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + 
"show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 58 + }, + "height": "", + "id": 62063, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu6", + "value": "cpu6" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' 
AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 58 + }, + "height": "", + "id": 62064, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 61868, + "scopedVars": { + "cpu": { + "selected": false, + "text": "cpu7", + "value": "cpu7" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": 
"$tag_host: $cpu $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage for $cpu", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 65 + }, + "id": 62050, + "panels": [], + "repeat": null, + "title": "Conntrack", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 66 + }, + "id": 61991, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/.*: max.*/", + "color": "#890F02", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$server: current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "conntrack", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ip_conntrack_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "$server: maximum", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "conntrack", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "ip_conntrack_max" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Netfilter conntrack usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, 
+ "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 73 + }, + "id": 62051, + "panels": [], + "repeat": null, + "title": "Network stack (TCP)", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 74 + }, + "id": 61854, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT mean(tcp_close) as CLOSED, mean(tcp_close_wait) as CLOSE_WAIT, mean(tcp_closing) as CLOSING, mean(tcp_established) as 
ESTABLISHED, mean(tcp_fin_wait1) as FIN_WAIT1, mean(tcp_fin_wait2) as FIN_WAIT2, mean(tcp_last_ack) as LAST_ACK, mean(tcp_syn_recv) as SYN_RECV, mean(tcp_syn_sent) as SYN_SENT, mean(tcp_time_wait) as TIME_WAIT FROM \"netstat\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TCP connections", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 81 + }, + "id": 61969, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + 
"transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "on close", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortOnClose" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "on data", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortOnData" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "timeout", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ 
AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortOnTimeout" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "failed", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortFailed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "linger", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortOnLinger" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "memory", + 
"dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtTCPAbortOnMemory" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TCP aborts", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 61968, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": 
true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "estabresets", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "tcp_estabresets" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "outrsts", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_outrsts), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "tcp_estabresets" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "activeopens", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "policy": "default", + "query": "SELECT 
non_negative_derivative(mean(tcp_activeopens), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "tcp_estabresets" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "passiveopens", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(tcp_passiveopens), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": true, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "tcp_estabresets" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TCP handshake issues", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 
0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 95 + }, + "id": 61967, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "failed", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtSyncookiesFailed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "received", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtSyncookiesRecv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "sent", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + 
"type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "TcpExtSyncookiesSent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "TCP SYN cookies", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 95 + }, + "id": 61978, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "in echos", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpInEchos" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out echos", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpOutEchos" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in echo responses", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpInEchoReps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out echo responses", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + 
], + "measurement": "nstat", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpOutEchoReps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "ICMP packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 95 + }, + "id": 61979, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + 
{ + "alias": "in errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpInErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpOutErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "checksum errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IcmpInCsumErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "ICMP errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": 
null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 102 + }, + "id": 61980, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "in discards", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpInDiscards" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out discards", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + 
"$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpOutDiscards" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in hdr errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpInHdrErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in addr errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpInAddrErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out no routes", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpOutNoRoutes" + ], + 
"type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in unknown protocol", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "IpInUnknownProtos" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "IPv4 errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 102 + }, + "id": 61981, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + 
"sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "in discards", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6InDiscards" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out discards", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6OutDiscards" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in hdr errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6InHdrErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ 
+ "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in addr errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6InAddrErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "out no routes", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6OutNoRoutes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in unknown protocol", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "Ip6InUnknownProtos" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + 
"title": "IPv6 errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 109 + }, + "id": 62052, + "panels": [], + "repeat": null, + "title": "Network stack (UDP)", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 110 + }, + "id": 61893, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + 
"policy": "default", + "query": "SELECT non_negative_derivative(mean(udp_indatagrams), 1s) as \"in datagrams\" FROM \"net\" WHERE host =~ /$server/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(udp_outdatagrams), 1s) as \"out datagrams\" FROM \"net\" WHERE host =~ /$server/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "UDP datagrams", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + 
"links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 117 + }, + "id": 61989, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Send buffer errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "UdpSndbufErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "Receive buffer errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "UdpRcvbufErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": 
[], + "timeShift": null, + "title": "UDP buffer errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 117 + }, + "id": 61990, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "checksum errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "UdpInCsumErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + 
"type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "in errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "UdpInErrors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "no ports", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "nstat", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "UdpNoPorts" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "UDP errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 124 + }, + "id": 
62053, + "panels": [], + "repeat": "netif", + "scopedVars": { + "netif": { + "selected": false, + "text": "bond0", + "value": "bond0" + } + }, + "title": "Network interface stats for $netif", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 125 + }, + "id": 42026, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "scopedVars": { + "netif": { + "selected": false, + "text": "bond0", + "value": "bond0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + 
} + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 125 + }, + "id": 28572, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": 
false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "scopedVars": { + "netif": { + "selected": false, + "text": "bond0", + "value": "bond0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + 
"params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 132 + }, + "id": 58901, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "scopedVars": { + "netif": { + "selected": false, + "text": "bond0", + "value": "bond0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + 
"measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network drops", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + 
"datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 132 + }, + "id": 50643, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "scopedVars": { + "netif": { + "selected": false, + "text": "bond0", + "value": "bond0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + 
"type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Errors per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 139 + }, + "id": 62065, + "panels": [], + "repeatIteration": 1625856234816, + "repeatPanelId": 62053, + "scopedVars": { + "netif": { + "selected": false, + "text": "docker0", + "value": "docker0" + } + }, + "title": "Network interface stats for $netif", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 140 + }, + "id": 62066, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": 
false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 42026, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "docker0", + "value": "docker0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * 
fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 140 + }, + "id": 62067, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 28572, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "docker0", + "value": "docker0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + 
"function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { 
+ "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 147 + }, + "id": 62068, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 58901, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "docker0", + "value": "docker0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + 
] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network drops", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 147 + }, + "id": 62069, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, 
+ "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 50643, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "docker0", + "value": "docker0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + 
"select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Errors per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 154 + }, + "id": 62070, + "panels": [], + "repeatIteration": 1625856234816, + "repeatPanelId": 62053, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth0", + "value": "eth0" + } + }, + "title": "Network interface stats for $netif", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 155 + }, + "id": 62071, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 42026, + "repeatedByRow": true, + "scopedVars": { + 
"netif": { + "selected": false, + "text": "eth0", + "value": "eth0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Usage", + "tooltip": { + "msResolution": 
false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 155 + }, + "id": 62072, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 28572, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth0", + "value": "eth0" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT 
non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + 
"defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 162 + }, + "id": 62073, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 58901, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth0", + "value": "eth0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + 
"type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network drops", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 162 + }, + "id": 62074, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 50643, + "repeatedByRow": true, + "scopedVars": { + "netif": { + 
"selected": false, + "text": "eth0", + "value": "eth0" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": 
"cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Errors per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 169 + }, + "id": 62075, + "panels": [], + "repeatIteration": 1625856234816, + "repeatPanelId": 62053, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth1", + "value": "eth1" + } + }, + "title": "Network interface stats for $netif", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 170 + }, + "id": 62076, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 42026, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth1", + "value": "eth1" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + 
"groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": 
null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 170 + }, + "id": 62077, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 28572, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth1", + "value": "eth1" + } + }, + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": 
[] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "decimals": 1, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 177 + }, + "id": 62078, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, 
+ "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 58901, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth1", + "value": "eth1" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + 
"params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network drops", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 177 + }, + "id": 62079, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeatIteration": 1625856234816, + "repeatPanelId": 50643, + "repeatedByRow": true, + "scopedVars": { + "netif": { + "selected": false, + "text": "eth1", + "value": "eth1" + } + }, + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + 
"params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network errors", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "Errors per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + 
"align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 184 + }, + "id": 62054, + "panels": [], + "repeat": null, + "title": "Swap", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 185 + }, + "id": 26024, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/in/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "swap_in", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"in\")) as \"in\", non_negative_derivative(mean(\"out\")) as \"out\" FROM \"swap\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": 
"Swap I/O bytes", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 185 + }, + "id": 61850, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#890F02", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "swap_in", + "policy": "default", + "query": "SELECT mean(used) as \"used\", mean(total) as \"total\" FROM \"swap\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + 
"params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Swap usage (bytes)", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 192 + }, + "id": 62055, + "panels": [], + "repeat": "disk", + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "title": "Disk IOPS for /dev/$disk", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 193 + }, + "id": 13782, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [ + 
{ + "alias": "/.*write$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(reads),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(writes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O requests for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", 
+ "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "iops", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 193 + }, + "id": 60200, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [ + { + "alias": "/.*write$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_bytes),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": 
true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_bytes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O bytes for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 193 + }, + "id": 56720, + "interval": "$inter", + "legend": { + "alignAsTable": 
true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [ + { + "alias": "/.*write$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_time),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_time),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ 
/$disk$/ AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O time for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ms", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 200 + }, + "id": 62056, + "panels": [], + "repeat": "mountpoint", + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/", + "value": "/" + } + }, + "title": "Disk space usage for $mountpoint", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 201 + }, + "id": 52240, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"repeat": null, + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/", + "value": "/" + } + }, + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2, + "zindex": 3 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_total", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk usage for $mountpoint", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": 
{}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 201 + }, + "id": 33458, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/", + "value": "/" + } + }, + "seriesOverrides": [ + { + "alias": "/used/", + "color": "#447EBC", + "zindex": 3 + }, + { + "alias": "/total/", + "bars": false, + "color": "#BF1B00", + "fill": 0, + "lines": true, + "linewidth": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_inodes_free", + "policy": "default", + "query": "SELECT mean(inodes_used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + 
"params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_inodes_free", + "policy": "default", + "query": "SELECT mean(inodes_free) + mean(inodes_used) as \"total\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk inodes for $mountpoint", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 208 + }, + "id": 62080, + "panels": [], + "repeatIteration": 1625856234816, + "repeatPanelId": 62056, + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/nsm", + "value": "/nsm" + } + }, + "title": "Disk space usage for $mountpoint", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 209 + }, + "id": 62081, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": 
true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatIteration": 1625856234816, + "repeatPanelId": 52240, + "repeatedByRow": true, + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/nsm", + "value": "/nsm" + } + }, + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2, + "zindex": 3 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_total", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk usage for $mountpoint", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + 
"logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 209 + }, + "id": 62082, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "maxPerRow": 4, + "nullPointMode": "connected", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatIteration": 1625856234816, + "repeatPanelId": 33458, + "repeatedByRow": true, + "scopedVars": { + "mountpoint": { + "selected": false, + "text": "/nsm", + "value": "/nsm" + } + }, + "seriesOverrides": [ + { + "alias": "/used/", + "color": "#447EBC", + "zindex": 3 + }, + { + "alias": "/total/", + "bars": false, + "color": "#BF1B00", + "fill": 0, + "lines": true, + "linewidth": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_inodes_free", + "policy": "default", + "query": "SELECT mean(inodes_used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + 
"rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: mountpoint $tag_path - $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "disk_inodes_free", + "policy": "default", + "query": "SELECT mean(inodes_free) + mean(inodes_used) as \"total\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk inodes for $mountpoint", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 216 + }, + "id": 62057, + "panels": [], + "repeat": null, + "title": "Metrics velocity", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + 
"links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 217 + }, + "id": 62001, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Delivery time", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "internal_write", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "write_time_ns" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Delivery time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ns", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 217 + }, + "id": 62004, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Gather time", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "internal_gather", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "gather_time_ns" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Gather time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ns", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 6, + 
"x": 12, + "y": 217 + }, + "id": 62003, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Metrics written", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "internal_agent", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "metrics_written" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Written metrics", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 217 + }, + "id": 62002, + 
"legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Gather errors", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "internal_agent", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "gather_errors" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + }, + { + "alias": "Dropped metrics", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "internal_agent", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "metrics_dropped" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "10s" + ], + "type": "non_negative_derivative" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Error rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "1m", + "schemaVersion": 27, + "style": "dark", + "tags": [ + "influxdb", + "telegraf" + ], + "templating": { + "list": [ + { + "allFormat": "glob", + "current": { + "selected": false, + "text": "InfluxDB", + "value": "InfluxDB" + }, + "datasource": "InfluxDB telegraf", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "", + "multi": false, + "name": "datasource", + "options": [], + "query": "influxdb", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "auto": true, + "auto_count": 100, + "auto_min": "30s", + "current": { + "selected": false, + "text": "10s", + "value": "10s" + }, + "datasource": null, + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Sampling", + "multi": false, + "name": "inter", + "options": [ + { + "selected": false, + "text": "auto", + "value": "$__auto_interval_inter" + }, + { + "selected": true, + "text": "10s", + "value": "10s" + }, + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": false, + "text": "1m", + "value": "1m" + }, + { + "selected": false, + "text": "2m", + "value": "2m" + }, + { + "selected": false, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "10m", + "value": "10m" + }, + { + "selected": false, + "text": "30m", + "value": "30m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "10s,30s,1m,2m,5m,10m,30m,1h", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "jppce2360sa-influx-scripts", + "value": "jppce2360sa-influx-scripts" + }, + "datasource": "InfluxDB", + "definition": "", + 
"description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Server", + "multi": false, + "name": "server", + "options": [], + "query": "SHOW TAG VALUES FROM system WITH KEY=host", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Mountpoint", + "multi": true, + "name": "mountpoint", + "options": [], + "query": "SHOW TAG VALUES FROM \"disk\" WITH KEY = \"path\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "CPU", + "multi": true, + "name": "cpu", + "options": [], + "query": "SHOW TAG VALUES FROM \"cpu\" WITH KEY = \"cpu\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "/cpu[0-9]/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Disk", + "multi": true, + "name": "disk", + "options": [], + "query": "SHOW TAG VALUES FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "[a-z]d[\\D]$|nvme[\\d]n[\\d]$", + "skipUrlSync": false, + "sort": 0, 
+ "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Network interface", + "multi": true, + "name": "netif", + "options": [], + "query": "SHOW TAG VALUES FROM \"net\" WITH KEY = \"interface\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "^(?!.*veth|all|tap).*$", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": null, + "tags": [], + "tagsQuery": null, + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Telegraf: system dashboard", + "uid": "000000127", + "version": 1 + } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 21f421571..288a90c16 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -133,42 +133,39 @@ grafana:
 y: 9
 h: 1
 w: 24
- cpu_docker_combined_current:
+ cpu_docker_combined_current_graph:
 gridPos:
 x: 0
 y: 10
 h: 8
 w: 24
- cpu_docker_combined_trend:
+ cpu_docker_combined_trend_graph:
 gridPos:
 x: 0
 y: 18
 h: 8
 w: 24
- memory_used_docker_combined_current:
+ memory_used_docker_combined_current_graph:
 gridPos:
 x: 0
 y: 26
 h: 8
 w: 24
- memory_used_docker_combined_trend:
+ memory_used_docker_combined_trend_graph:
 gridPos:
 x: 0
 y: 34
 h: 8
 w: 24
-# cpu_usage_idle:
-# enabled: true
-# trend: true
-# gridPos:
-# h: 10
-# w: 20
-# x: 0
-# y: 0
-# cpu_usage_tasks: {}
-# disk_io: {}
-# disk_used_root: {}
-# disk_used_nsm: {}
-# elasticsearch_cpu_usage: {}
-# elasticsearch_documents_count: {}
-# elasticsearch_field_data_cache_size: {}
+ network_usage_docker_combined_current_graph:
+ gridPos:
+ x: 0
+ y: 42
+ h: 8
+ w: 24
+ network_usage_docker_combined_trend_graph:
+ gridPos:
+ x: 0
+ y: 50
+ h: 8
+ w: 24
diff --git a/salt/grafana/panels/cpu_docker_combined_current.json.jinja b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
similarity index 91%
rename from salt/grafana/panels/cpu_docker_combined_current.json.jinja
rename to salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
index 57d83cba5..72c6e928f 100644
--- a/salt/grafana/panels/cpu_docker_combined_current.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
@@ -2,10 +2,10 @@
 "type": "graph",
 "title": "Container CPU Usage Current",
 "gridPos": {
- "x": {{ PANELS.cpu_docker_combined_current.gridPos.x }},
- "y": {{ PANELS.cpu_docker_combined_current.gridPos.y }},
- "w": {{ PANELS.cpu_docker_combined_current.gridPos.w }},
- "h": {{ PANELS.cpu_docker_combined_current.gridPos.h }}
+ "x": {{ PANELS.cpu_docker_combined_current_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_docker_combined_current_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_docker_combined_current_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_docker_combined_current_graph.gridPos.h }}
 },
 "id": 100,
 "targets": [
diff --git a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
similarity index 91%
rename from salt/grafana/panels/cpu_docker_combined_trend.json.jinja
rename to salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
index f83b0bc8d..c1ffd278b 100644
--- a/salt/grafana/panels/cpu_docker_combined_trend.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
@@ -2,10 +2,10 @@
 "type": "graph",
 "title": "Container CPU Usage Trend",
 "gridPos": {
- "x": {{ PANELS.cpu_docker_combined_trend.gridPos.x }},
- "y": {{ PANELS.cpu_docker_combined_trend.gridPos.y }},
- "w": {{ PANELS.cpu_docker_combined_trend.gridPos.w }},
- "h": {{ PANELS.cpu_docker_combined_trend.gridPos.h }}
+ "x": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.h }}
 },
 "id": 101,
 "targets": [
diff --git a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja
index 082e114bc..97559c163 100644
--- a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja
+++ b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja
@@ -90,7 +90,7 @@
 ]
 }
 ],
- "title": "5 Minute Load Average",
+ "title": "5 Minute Load Average - $cpucount Cores",
 "type": "stat",
 "options": {
 "reduceOptions": {
diff --git a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja
similarity index 90%
rename from salt/grafana/panels/memory_used_docker_combined_current.json.jinja
rename to salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja
index 8fb0a62cc..82a6275e9 100644
--- a/salt/grafana/panels/memory_used_docker_combined_current.json.jinja
+++ b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja
@@ -2,10 +2,10 @@
 "type": "graph",
 "title": "Container Memory Usage Current",
 "gridPos": {
- "x": {{ PANELS.memory_used_docker_combined_current.gridPos.x }},
- "y": {{ PANELS.memory_used_docker_combined_current.gridPos.y }},
- "w": {{ PANELS.memory_used_docker_combined_current.gridPos.w }},
- "h": {{ PANELS.memory_used_docker_combined_current.gridPos.h }}
+ "x": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.x }},
+ "y": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.y }},
+ "w": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.w }},
+ "h": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.h }}
 },
 "id": 102,
 "targets": [
diff --git a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja
similarity index 90%
rename from salt/grafana/panels/memory_used_docker_combined_trend.json.jinja
rename to salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja
index d61bb8ff8..92d7d4741 100644
--- a/salt/grafana/panels/memory_used_docker_combined_trend.json.jinja
+++ b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja
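Review bot: The new title `"5 Minute Load Average - $cpucount Cores"` depends on a dashboard variable named `cpucount`, and nothing in this hunk shows where that variable is defined. If a dashboard that includes this panel does not declare `cpucount` in its templating list, Grafana will presumably render the literal text `$cpucount` in the panel header. I would confirm the variable definition ships with this change and record the dependency in the commit message or next to the templating block. The panel object starts and ends outside this hunk.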
@@ -2,10 +2,10 @@
 "type": "graph",
 "title": "Container Memory Usage Trend",
 "gridPos": {
- "x": {{ PANELS.memory_used_docker_combined_trend.gridPos.x }},
- "y": {{ PANELS.memory_used_docker_combined_trend.gridPos.y }},
- "w": {{ PANELS.memory_used_docker_combined_trend.gridPos.w }},
- "h": {{ PANELS.memory_used_docker_combined_trend.gridPos.h }}
+ "x": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.x }},
+ "y": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.y }},
+ "w": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.w }},
+ "h": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.h }}
 },
 "id": 103,
 "targets": [
diff --git a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja
new file mode 100644
index 000000000..757f9a76c
--- /dev/null
+++ b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja
@@ -0,0 +1,231 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "gridPos": { + "x": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.h }} + }, + "id": 61868, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_container_name RX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "rx_bytes" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + }, + { + "type": "math", + "params": [ + "*8" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + }, + { + "alias": "$tag_container_name TX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": 
[ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "tx_bytes" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + }, + { + "type": "math", + "params": [ + "*8" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "hide": false + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Container Network Usage Current", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:315", + "format": "bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:316", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "decimals": null, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null, + "description": "" +} diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja new file mode 100644 index 000000000..1121cbaf0 --- /dev/null +++ b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja 
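Review bot: Both targets in this new panel carry `"queryType": "randomWalk"`, and the two `yaxes` entries carry `"$$hashKey": "object:315"` and `"$$hashKey": "object:316"`. These look like residue from exporting the panel out of the Grafana UI rather than settings the `docker_container_net` query needs. I would drop those keys so the template holds only intended configuration and later diffs of the panel stay readable. The same keys appear in `network_usage_docker_combined_trend_graph.json copy.jinja` in the next hunk. The targets also filter on `$servername` and `$containers`, which must be defined by whichever dashboard includes this panel; that is not visible here.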
@@ -0,0 +1,231 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "gridPos": { + "x": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.h }} + }, + "id": 61461, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_container_name RX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "rx_bytes" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + }, + { + "type": "math", + "params": [ + "*8" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ] + }, + { + "alias": "$tag_container_name TX", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "params": [ + 
"null" + ], + "type": "fill" + } + ], + "measurement": "docker_container_net", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "tx_bytes" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "non_negative_derivative", + "params": [ + "1s" + ] + }, + { + "type": "math", + "params": [ + "*8" + ] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "hide": false + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Container Network Usage Trend", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:315", + "format": "bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:316", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "bars": false, + "dashes": false, + "decimals": null, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null, + "description": "" +} From 0acc3cc5376a271518861e9609fc630eb6b720e0 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Mon, 12 Jul 2021 14:32:37 -0400 Subject: [PATCH 053/266] rename --- salt/grafana/dashboards/sysdash.json | 12982 ---------------- ...ge_docker_combined_trend_graph.json.jinja} | 0 2 files changed, 12982 deletions(-) delete mode 100644 salt/grafana/dashboards/sysdash.json rename salt/grafana/panels/{network_usage_docker_combined_trend_graph.json copy.jinja => network_usage_docker_combined_trend_graph.json.jinja} (100%) diff --git a/salt/grafana/dashboards/sysdash.json b/salt/grafana/dashboards/sysdash.json deleted file mode 100644 index a942df647..000000000 --- a/salt/grafana/dashboards/sysdash.json +++ /dev/null 
@@ -1,12982 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "InfluxDB dashboards for telegraf metrics", - "editable": true, - "gnetId": 928, - "graphTooltip": 1, - "id": 10, - "iteration": 1625856234816, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 62044, - "panels": [], - "repeat": null, - "title": "Quick overview", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 0, - "y": 1 - }, - "height": "150", - "id": 61858, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "policy": 
"default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "", - "title": "Uptime", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 4, - "y": 1 - }, - "height": "150", - "id": 61859, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": 
"last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "4,8,12", - "title": "LA medium", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 6, - "y": 1 - }, - "height": "150", - "id": 61862, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zombies" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "1,5,10", - "title": 
"Zombies", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 8, - "y": 1 - }, - "height": "150", - "id": 61864, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "1,5,10", - "title": "Processes", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": 
"current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 10, - "y": 1 - }, - "height": "150", - "id": 61865, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "1,5,10", - "title": "Threads", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 
129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 12, - "y": 1 - }, - "height": "150", - "id": 61861, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": "70,80,90", - "title": "CPU usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - 
"rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 14, - "y": 1 - }, - "height": "150", - "id": 61860, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "70,80,90", - "title": "RAM usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": 
[] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 16, - "y": 1 - }, - "height": "150", - "id": 61863, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "swap", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": "50,70,90", - "title": "Swap usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": 
true - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 18, - "y": 1 - }, - "height": "150", - "id": 61866, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": "70,80,90", - "title": "RootFS used", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 4, - "x": 20, - 
"y": 1 - }, - "height": "150", - "id": 61867, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$server$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": "30,40,50", - "title": "IOWait", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 62045, - "panels": [], - "repeat": null, - "title": "CPU", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - 
"defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 6 - }, - "height": "300", - "hiddenSeries": false, - "id": 28239, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - 
"value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 14 - }, - "height": "350", - "hiddenSeries": false, - "id": 54694, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "system_load1", - "policy": "default", - "query": "SELECT mean(load1) as short,mean(load5) as medium,mean(load15) as long FROM \"system\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - 
], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load averages", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 14 - }, - "height": "350", - "hiddenSeries": false, - "id": 61852, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as 
unknown FROM \"processes\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processes", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 23 - }, - "id": 62046, - "panels": [], - "repeat": null, - "title": "Memory", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 24 - }, - "height": "400", - "hiddenSeries": false, - "id": 12054, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - 
"pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#BF1B00", - "fill": 0, - "linewidth": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "mem_inactive", - "policy": "default", - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 62047, - "panels": [], - "repeat": null, - "title": "Kernel", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - 
"links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 35 - }, - "height": "", - "hiddenSeries": false, - "id": 61855, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(context_switches),1s)as \"context switches\" FROM \"kernel\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Context switches", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 35 - }, - "height": "", - "hiddenSeries": false, - "id": 61960, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "kernel", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(processes_forked),1s) as forks FROM \"kernel\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "processes_forked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Forks", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 35 - }, - "height": "", - "hiddenSeries": false, - "id": 62042, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/max/", - "color": "#890F02", - "fill": 0 - }, - { - "alias": "/opened/", - "color": "#0A437C" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "kernel", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"file-max\") as max FROM \"linux_sysctl_fs\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "processes_forked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - 
"operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "kernel", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"file-nr\") as opened FROM \"linux_sysctl_fs\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "processes_forked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File descriptors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 42 - }, - "id": 62048, - "panels": [], - "repeat": null, - "title": "Interrupts", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 43 - }, - "hiddenSeries": false, - "id": 62043, - "legend": { - "alignAsTable": true, - "avg": false, - 
"current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_irq", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "irq" - ], - "type": "tag" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "interrupts", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Interrupts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 50 - }, - "id": 62049, - 
"panels": [], - "repeat": null, - "title": "Per-cpu usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 51 - }, - "height": "", - "id": 61868, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": "cpu", - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu0", - "value": "cpu0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { 
- "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 51 - }, - "height": "", - "id": 62058, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu1", - "value": "cpu1" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], 
- "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 51 - }, - "height": "", - "id": 62059, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", 
- "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu2", - "value": "cpu2" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - 
"min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 51 - }, - "height": "", - "id": 62060, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu3", - "value": "cpu3" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - 
"refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 58 - }, - "height": "", - "id": 62061, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu4", - "value": "cpu4" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", 
- "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 58 - }, - "height": "", - "id": 62062, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - 
"min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu5", - "value": "cpu5" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - 
"show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 58 - }, - "height": "", - "id": 62063, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu6", - "value": "cpu6" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' 
AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 58 - }, - "height": "", - "id": 62064, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 61868, - "scopedVars": { - "cpu": { - "selected": false, - "text": "cpu7", - "value": "cpu7" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": 
"$tag_host: $cpu $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "hide": false, - "measurement": "cpu_percentageBusy", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = '$cpu' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU usage for $cpu", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 65 - }, - "id": 62050, - "panels": [], - "repeat": null, - "title": "Conntrack", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - 
"fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 66 - }, - "id": 61991, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*: max.*/", - "color": "#890F02", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$server: current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "conntrack", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ip_conntrack_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "$server: maximum", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "conntrack", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ip_conntrack_max" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Netfilter conntrack usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, 
- "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 73 - }, - "id": 62051, - "panels": [], - "repeat": null, - "title": "Network stack (TCP)", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 74 - }, - "id": 61854, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT mean(tcp_close) as CLOSED, mean(tcp_close_wait) as CLOSE_WAIT, mean(tcp_closing) as CLOSING, mean(tcp_established) as 
ESTABLISHED, mean(tcp_fin_wait1) as FIN_WAIT1, mean(tcp_fin_wait2) as FIN_WAIT2, mean(tcp_last_ack) as LAST_ACK, mean(tcp_syn_recv) as SYN_RECV, mean(tcp_syn_sent) as SYN_SENT, mean(tcp_time_wait) as TIME_WAIT FROM \"netstat\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP connections", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 81 - }, - "id": 61969, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - 
"transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "on close", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortOnClose" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "on data", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortOnData" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "timeout", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ 
AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortOnTimeout" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "failed", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortFailed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "linger", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortOnLinger" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "memory", - 
"dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtTCPAbortOnMemory" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP aborts", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 88 - }, - "id": 61968, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "estabresets", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_estabresets), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tcp_estabresets" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "outrsts", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_outrsts), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tcp_estabresets" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "activeopens", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "policy": "default", - "query": "SELECT 
non_negative_derivative(mean(tcp_activeopens), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tcp_estabresets" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "passiveopens", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(tcp_passiveopens), 1s) FROM \"net\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tcp_estabresets" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP handshake issues", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 
0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 95 - }, - "id": 61967, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "failed", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtSyncookiesFailed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "received", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtSyncookiesRecv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "sent", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - 
"type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "TcpExtSyncookiesSent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP SYN cookies", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 95 - }, - "id": 61978, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "in echos", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpInEchos" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out echos", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpOutEchos" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in echo responses", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpInEchoReps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out echo responses", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - 
], - "measurement": "nstat", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpOutEchoReps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ICMP packets", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 95 - }, - "id": 61979, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - 
{ - "alias": "in errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpInErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpOutErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "checksum errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IcmpInCsumErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ICMP errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": 
null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 102 - }, - "id": 61980, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "in discards", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpInDiscards" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out discards", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - 
"$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpOutDiscards" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in hdr errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpInHdrErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in addr errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpInAddrErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out no routes", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpOutNoRoutes" - ], - 
"type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in unknown protocol", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "IpInUnknownProtos" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "IPv4 errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 102 - }, - "id": 61981, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - 
"sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "in discards", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6InDiscards" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out discards", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6OutDiscards" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in hdr errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6InHdrErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ 
- "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in addr errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6InAddrErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "out no routes", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6OutNoRoutes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in unknown protocol", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "Ip6InUnknownProtos" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - 
"title": "IPv6 errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 109 - }, - "id": 62052, - "panels": [], - "repeat": null, - "title": "Network stack (UDP)", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 110 - }, - "id": 61893, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - 
"policy": "default", - "query": "SELECT non_negative_derivative(mean(udp_indatagrams), 1s) as \"in datagrams\" FROM \"net\" WHERE host =~ /$server/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(udp_outdatagrams), 1s) as \"out datagrams\" FROM \"net\" WHERE host =~ /$server/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "UDP datagrams", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - 
"links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 117 - }, - "id": 61989, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Send buffer errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "UdpSndbufErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "Receive buffer errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "UdpRcvbufErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": 
[], - "timeShift": null, - "title": "UDP buffer errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 117 - }, - "id": 61990, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "checksum errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "UdpInCsumErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - 
"type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "in errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "UdpInErrors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "no ports", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "nstat", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "UdpNoPorts" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "UDP errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 124 - }, - "id": 
62053, - "panels": [], - "repeat": "netif", - "scopedVars": { - "netif": { - "selected": false, - "text": "bond0", - "value": "bond0" - } - }, - "title": "Network interface stats for $netif", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 125 - }, - "id": 42026, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "scopedVars": { - "netif": { - "selected": false, - "text": "bond0", - "value": "bond0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - 
} - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 125 - }, - "id": 28572, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": 
false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "scopedVars": { - "netif": { - "selected": false, - "text": "bond0", - "value": "bond0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - 
"params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Packets", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 132 - }, - "id": 58901, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "scopedVars": { - "netif": { - "selected": false, - "text": "bond0", - "value": "bond0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - 
"measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network drops", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "Drops per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - 
"datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 132 - }, - "id": 50643, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "scopedVars": { - "netif": { - "selected": false, - "text": "bond0", - "value": "bond0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - 
"type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Errors per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 139 - }, - "id": 62065, - "panels": [], - "repeatIteration": 1625856234816, - "repeatPanelId": 62053, - "scopedVars": { - "netif": { - "selected": false, - "text": "docker0", - "value": "docker0" - } - }, - "title": "Network interface stats for $netif", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 140 - }, - "id": 62066, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": 
false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 42026, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "docker0", - "value": "docker0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * 
fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 140 - }, - "id": 62067, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 28572, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "docker0", - "value": "docker0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - 
"function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Packets", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { 
- "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 147 - }, - "id": 62068, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 58901, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "docker0", - "value": "docker0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - 
] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network drops", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "Drops per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 147 - }, - "id": 62069, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, 
- "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 50643, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "docker0", - "value": "docker0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Errors per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 154 - }, - "id": 62070, - "panels": [], - "repeatIteration": 1625856234816, - "repeatPanelId": 62053, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth0", - "value": "eth0" - } - }, - "title": "Network interface stats for $netif", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 155 - }, - "id": 62071, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 42026, - "repeatedByRow": true, - "scopedVars": { - 
"netif": { - "selected": false, - "text": "eth0", - "value": "eth0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Usage", - "tooltip": { - "msResolution": 
false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 155 - }, - "id": 62072, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 28572, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth0", - "value": "eth0" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT 
non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Packets", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - 
"defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 162 - }, - "id": 62073, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 58901, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth0", - "value": "eth0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - 
"type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network drops", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "Drops per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 162 - }, - "id": 62074, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 50643, - "repeatedByRow": true, - "scopedVars": { - "netif": { - 
"selected": false, - "text": "eth0", - "value": "eth0" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": 
"cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Errors per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 169 - }, - "id": 62075, - "panels": [], - "repeatIteration": 1625856234816, - "repeatPanelId": 62053, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth1", - "value": "eth1" - } - }, - "title": "Network interface stats for $netif", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 170 - }, - "id": 62076, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 42026, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth1", - "value": "eth1" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - 
"groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_recv),1s)*8 as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(bytes_sent),1s)*8 as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": 
null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 170 - }, - "id": 62077, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 28572, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth1", - "value": "eth1" - } - }, - "seriesOverrides": [ - { - "alias": "/ in$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": 
[] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Packets", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": 1, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 177 - }, - "id": 62078, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, 
- "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 58901, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth1", - "value": "eth1" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - 
"params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network drops", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "Drops per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 177 - }, - "id": 62079, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatIteration": 1625856234816, - "repeatPanelId": 50643, - "repeatedByRow": true, - "scopedVars": { - "netif": { - "selected": false, - "text": "eth1", - "value": "eth1" - } - }, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - 
"params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "dsType": "influxdb", - "function": "derivative", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "interface", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "net_bytes_recv", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(err_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network errors", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Errors per second", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - 
"align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 184 - }, - "id": 62054, - "panels": [], - "repeat": null, - "title": "Swap", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 185 - }, - "id": 26024, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/in/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "swap_in", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\")) as \"in\", non_negative_derivative(mean(\"out\")) as \"out\" FROM \"swap\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": 
"Swap I/O bytes", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 185 - }, - "id": 61850, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#890F02", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "swap_in", - "policy": "default", - "query": "SELECT mean(used) as \"used\", mean(total) as \"total\" FROM \"swap\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - 
"params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Swap usage (bytes)", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 192 - }, - "id": 62055, - "panels": [], - "repeat": "disk", - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, - "title": "Disk IOPS for /dev/$disk", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 193 - }, - "id": 13782, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, - "seriesOverrides": [ - 
{ - "alias": "/.*write$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(reads),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(writes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O requests for /dev/$disk", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", 
- "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "iops", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 193 - }, - "id": 60200, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, - "seriesOverrides": [ - { - "alias": "/.*write$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(read_bytes),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": 
true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(write_bytes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O bytes for /dev/$disk", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 193 - }, - "id": 56720, - "interval": "$inter", - "legend": { - "alignAsTable": 
true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, - "seriesOverrides": [ - { - "alias": "/.*write$/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(read_time),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(write_time),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$server$/ AND \"name\" =~ 
/$disk$/ AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O time for /dev/$disk", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 200 - }, - "id": 62056, - "panels": [], - "repeat": "mountpoint", - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/", - "value": "/" - } - }, - "title": "Disk space usage for $mountpoint", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 201 - }, - "id": 52240, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"repeat": null, - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/", - "value": "/" - } - }, - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#BF1B00", - "fill": 0, - "linewidth": 2, - "zindex": 3 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_total", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk usage for $mountpoint", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": 
{}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 201 - }, - "id": 33458, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/", - "value": "/" - } - }, - "seriesOverrides": [ - { - "alias": "/used/", - "color": "#447EBC", - "zindex": 3 - }, - { - "alias": "/total/", - "bars": false, - "color": "#BF1B00", - "fill": 0, - "lines": true, - "linewidth": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_inodes_free", - "policy": "default", - "query": "SELECT mean(inodes_used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - 
"params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_inodes_free", - "policy": "default", - "query": "SELECT mean(inodes_free) + mean(inodes_used) as \"total\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk inodes for $mountpoint", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 208 - }, - "id": 62080, - "panels": [], - "repeatIteration": 1625856234816, - "repeatPanelId": 62056, - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/nsm", - "value": "/nsm" - } - }, - "title": "Disk space usage for $mountpoint", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 209 - }, - "id": 62081, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": 
true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatIteration": 1625856234816, - "repeatPanelId": 52240, - "repeatedByRow": true, - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/nsm", - "value": "/nsm" - } - }, - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#BF1B00", - "fill": 0, - "linewidth": 2, - "zindex": 3 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_total", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk usage for $mountpoint", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - 
"logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 209 - }, - "id": 62082, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "maxPerRow": 4, - "nullPointMode": "connected", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatIteration": 1625856234816, - "repeatPanelId": 33458, - "repeatedByRow": true, - "scopedVars": { - "mountpoint": { - "selected": false, - "text": "/nsm", - "value": "/nsm" - } - }, - "seriesOverrides": [ - { - "alias": "/used/", - "color": "#447EBC", - "zindex": 3 - }, - { - "alias": "/total/", - "bars": false, - "color": "#BF1B00", - "fill": 0, - "lines": true, - "linewidth": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": true, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_inodes_free", - "policy": "default", - "query": "SELECT mean(inodes_used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - 
"rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "disk_inodes_free", - "policy": "default", - "query": "SELECT mean(inodes_free) + mean(inodes_used) as \"total\" FROM \"disk\" WHERE \"host\" =~ /$server$/ AND \"path\" =~ /^$mountpoint$/ AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk inodes for $mountpoint", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 216 - }, - "id": 62057, - "panels": [], - "repeat": null, - "title": "Metrics velocity", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - 
"links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 217 - }, - "id": 62001, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Delivery time", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "internal_write", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_time_ns" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Delivery time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ns", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - 
"fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 217 - }, - "id": 62004, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Gather time", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "internal_gather", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "gather_time_ns" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Gather time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ns", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - 
"x": 12, - "y": 217 - }, - "id": 62003, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Metrics written", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "internal_agent", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "metrics_written" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Written metrics", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 217 - }, - "id": 62002, - 
"legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Gather errors", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "internal_agent", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "gather_errors" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "Dropped metrics", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "internal_agent", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "metrics_dropped" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "10s" - ], - "type": "non_negative_derivative" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Error rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "1m", - "schemaVersion": 27, - "style": "dark", - "tags": [ - "influxdb", - "telegraf" - ], - "templating": { - "list": [ - { - "allFormat": "glob", - "current": { - "selected": false, - "text": "InfluxDB", - "value": "InfluxDB" - }, - "datasource": "InfluxDB telegraf", - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "", - "multi": false, - "name": "datasource", - "options": [], - "query": "influxdb", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "auto": true, - "auto_count": 100, - "auto_min": "30s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "datasource": null, - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Sampling", - "multi": false, - "name": "inter", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_inter" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "2m", - "value": "2m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "10s,30s,1m,2m,5m,10m,30m,1h", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "jppce2360sa-influx-scripts", - "value": "jppce2360sa-influx-scripts" - }, - "datasource": "InfluxDB", - "definition": "", - 
"description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Server", - "multi": false, - "name": "server", - "options": [], - "query": "SHOW TAG VALUES FROM system WITH KEY=host", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "Mountpoint", - "multi": true, - "name": "mountpoint", - "options": [], - "query": "SHOW TAG VALUES FROM \"disk\" WITH KEY = \"path\" WHERE host =~ /$server/", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "CPU", - "multi": true, - "name": "cpu", - "options": [], - "query": "SHOW TAG VALUES FROM \"cpu\" WITH KEY = \"cpu\" WHERE host =~ /$server/", - "refresh": 1, - "regex": "/cpu[0-9]/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "Disk", - "multi": true, - "name": "disk", - "options": [], - "query": "SHOW TAG VALUES FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$server/", - "refresh": 1, - "regex": "[a-z]d[\\D]$|nvme[\\d]n[\\d]$", - "skipUrlSync": false, - "sort": 0, 
- "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "Network interface", - "multi": true, - "name": "netif", - "options": [], - "query": "SHOW TAG VALUES FROM \"net\" WITH KEY = \"interface\" WHERE host =~ /$server/", - "refresh": 1, - "regex": "^(?!.*veth|all|tap).*$", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Telegraf: system dashboard", - "uid": "000000127", - "version": 1 - } diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja similarity index 100% rename from salt/grafana/panels/network_usage_docker_combined_trend_graph.json copy.jinja rename to salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja From 98fe7e8700e1384d6ff2d594601ac32e0beccb1d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 12 Jul 2021 14:37:17 -0400 Subject: [PATCH 054/266] fix mean --- .../network_usage_docker_combined_trend_graph.json.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja index 1121cbaf0..f07c3e158 100644 
--- a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja
+++ b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja
@@ -71,7 +71,7 @@
 {
 "type": "field",
 "params": [
- "rx_bytes"
+ "mean_rx_bytes"
 ]
 },
 {
@@ -139,7 +139,7 @@
 {
 "type": "field",
 "params": [
- "tx_bytes"
+ "mean_tx_bytes"
 ]
 },
 {
From b6e31278a74e90c063f18f4fc9aa2bfbd303ebac Mon Sep 17 00:00:00 2001
From: m0duspwnens Date: Tue, 13 Jul 2021 08:57:01 -0400 Subject: [PATCH 055/266] move old panels into old for organization --- salt/grafana/panels/{ => old}/cpu_usage_idle.json.jinja | 0 salt/grafana/panels/{ => old}/cpu_usage_tasks.json.jinja | 0 salt/grafana/panels/{ => old}/disk_io.json.jinja | 0 salt/grafana/panels/{ => old}/disk_used_nsm.json.jinja | 0 salt/grafana/panels/{ => old}/disk_used_root.json.jinja | 0 salt/grafana/panels/{ => old}/elasticsearch_cpu_usage.json.jinja | 0 .../panels/{ => old}/elasticsearch_documents_count.json.jinja | 0 .../{ => old}/elasticsearch_field_data_cache_size.json.jinja | 0 salt/grafana/panels/{ => old}/elasticsearch_store_size.json.jinja | 0 .../panels/{ => old}/elasticsearch_thread_count.json.jinja | 0 salt/grafana/panels/{ => old}/estimated_eps.json.jinja | 0 salt/grafana/panels/{ => old}/estimated_eps_singlestat.json.jinja | 0 salt/grafana/panels/{ => old}/influxdb_cpu_usage.json.jinja | 0 salt/grafana/panels/{ => old}/influxdb_size.json.jinja | 0 salt/grafana/panels/{ => old}/influxdb_traffic.json.jinja | 0 salt/grafana/panels/{ => old}/io_wait.json.jinja | 0 salt/grafana/panels/{ => old}/io_wait_singlestat.json.jinja | 0 salt/grafana/panels/{ => old}/kibana_cpu_usage.json.jinja | 0 salt/grafana/panels/{ => old}/load_average.json.jinja | 0 salt/grafana/panels/{ => old}/logstash_cpu_usage.json.jinja | 0 salt/grafana/panels/{ => old}/logstash_traffic.json.jinja | 0 salt/grafana/panels/{ => old}/management_traffic.json.jinja | 0 salt/grafana/panels/{ => old}/memory_usage_current.json.jinja | 0 salt/grafana/panels/{ => old}/memory_used.json.jinja | 0 salt/grafana/panels/{ => old}/monitor_traffic.json.jinja | 0 salt/grafana/panels/{ => old}/pcap_packet_loss.json.jinja | 0 salt/grafana/panels/{ => old}/pcap_retention.json.jinja | 0 salt/grafana/panels/{ => old}/processes_states.json.jinja | 0 salt/grafana/panels/{ => old}/proxy_traffic.json.jinja | 0 salt/grafana/panels/{ => old}/redis_cpu_usage.json.jinja | 0 
salt/grafana/panels/{ => old}/redis_memory_usage.json.jinja | 0 salt/grafana/panels/{ => old}/redis_queue.json.jinja | 0 salt/grafana/panels/{ => old}/stenographer_cpu_usage.json.jinja | 0 .../grafana/panels/{ => old}/stenographer_memory_usage.json.jinja | 0 salt/grafana/panels/{ => old}/suricata_cpu_usage.json.jinja | 0 salt/grafana/panels/{ => old}/suricata_memory_usage.json.jinja | 0 salt/grafana/panels/{ => old}/suricata_packet_loss.json.jinja | 0 salt/grafana/panels/{ => old}/total_threads.json.jinja | 0 salt/grafana/panels/{ => old}/zeek_capture_loss.json.jinja | 0 salt/grafana/panels/{ => old}/zeek_cpu_usage.json.jinja | 0 salt/grafana/panels/{ => old}/zeek_memory_usage.json.jinja | 0 salt/grafana/panels/{ => old}/zeek_packet_loss.json.jinja | 0 .../grafana/panels/{ => old}/zeek_restarts_healthcheck.json.jinja | 0 43 files changed, 0 insertions(+), 0 deletions(-) rename salt/grafana/panels/{ => old}/cpu_usage_idle.json.jinja (100%) rename salt/grafana/panels/{ => old}/cpu_usage_tasks.json.jinja (100%) rename salt/grafana/panels/{ => old}/disk_io.json.jinja (100%) rename salt/grafana/panels/{ => old}/disk_used_nsm.json.jinja (100%) rename salt/grafana/panels/{ => old}/disk_used_root.json.jinja (100%) rename salt/grafana/panels/{ => old}/elasticsearch_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/elasticsearch_documents_count.json.jinja (100%) rename salt/grafana/panels/{ => old}/elasticsearch_field_data_cache_size.json.jinja (100%) rename salt/grafana/panels/{ => old}/elasticsearch_store_size.json.jinja (100%) rename salt/grafana/panels/{ => old}/elasticsearch_thread_count.json.jinja (100%) rename salt/grafana/panels/{ => old}/estimated_eps.json.jinja (100%) rename salt/grafana/panels/{ => old}/estimated_eps_singlestat.json.jinja (100%) rename salt/grafana/panels/{ => old}/influxdb_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/influxdb_size.json.jinja (100%) rename salt/grafana/panels/{ => old}/influxdb_traffic.json.jinja 
(100%) rename salt/grafana/panels/{ => old}/io_wait.json.jinja (100%) rename salt/grafana/panels/{ => old}/io_wait_singlestat.json.jinja (100%) rename salt/grafana/panels/{ => old}/kibana_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/load_average.json.jinja (100%) rename salt/grafana/panels/{ => old}/logstash_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/logstash_traffic.json.jinja (100%) rename salt/grafana/panels/{ => old}/management_traffic.json.jinja (100%) rename salt/grafana/panels/{ => old}/memory_usage_current.json.jinja (100%) rename salt/grafana/panels/{ => old}/memory_used.json.jinja (100%) rename salt/grafana/panels/{ => old}/monitor_traffic.json.jinja (100%) rename salt/grafana/panels/{ => old}/pcap_packet_loss.json.jinja (100%) rename salt/grafana/panels/{ => old}/pcap_retention.json.jinja (100%) rename salt/grafana/panels/{ => old}/processes_states.json.jinja (100%) rename salt/grafana/panels/{ => old}/proxy_traffic.json.jinja (100%) rename salt/grafana/panels/{ => old}/redis_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/redis_memory_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/redis_queue.json.jinja (100%) rename salt/grafana/panels/{ => old}/stenographer_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/stenographer_memory_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/suricata_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/suricata_memory_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/suricata_packet_loss.json.jinja (100%) rename salt/grafana/panels/{ => old}/total_threads.json.jinja (100%) rename salt/grafana/panels/{ => old}/zeek_capture_loss.json.jinja (100%) rename salt/grafana/panels/{ => old}/zeek_cpu_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/zeek_memory_usage.json.jinja (100%) rename salt/grafana/panels/{ => old}/zeek_packet_loss.json.jinja (100%) rename salt/grafana/panels/{ => 
old}/zeek_restarts_healthcheck.json.jinja (100%) diff --git a/salt/grafana/panels/cpu_usage_idle.json.jinja b/salt/grafana/panels/old/cpu_usage_idle.json.jinja similarity index 100% rename from salt/grafana/panels/cpu_usage_idle.json.jinja rename to salt/grafana/panels/old/cpu_usage_idle.json.jinja diff --git a/salt/grafana/panels/cpu_usage_tasks.json.jinja b/salt/grafana/panels/old/cpu_usage_tasks.json.jinja similarity index 100% rename from salt/grafana/panels/cpu_usage_tasks.json.jinja rename to salt/grafana/panels/old/cpu_usage_tasks.json.jinja diff --git a/salt/grafana/panels/disk_io.json.jinja b/salt/grafana/panels/old/disk_io.json.jinja similarity index 100% rename from salt/grafana/panels/disk_io.json.jinja rename to salt/grafana/panels/old/disk_io.json.jinja diff --git a/salt/grafana/panels/disk_used_nsm.json.jinja b/salt/grafana/panels/old/disk_used_nsm.json.jinja similarity index 100% rename from salt/grafana/panels/disk_used_nsm.json.jinja rename to salt/grafana/panels/old/disk_used_nsm.json.jinja diff --git a/salt/grafana/panels/disk_used_root.json.jinja b/salt/grafana/panels/old/disk_used_root.json.jinja similarity index 100% rename from salt/grafana/panels/disk_used_root.json.jinja rename to salt/grafana/panels/old/disk_used_root.json.jinja diff --git a/salt/grafana/panels/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/elasticsearch_cpu_usage.json.jinja rename to salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja diff --git a/salt/grafana/panels/elasticsearch_documents_count.json.jinja b/salt/grafana/panels/old/elasticsearch_documents_count.json.jinja similarity index 100% rename from salt/grafana/panels/elasticsearch_documents_count.json.jinja rename to salt/grafana/panels/old/elasticsearch_documents_count.json.jinja 
diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja b/salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja similarity index 100% rename from salt/grafana/panels/elasticsearch_field_data_cache_size.json.jinja rename to salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja diff --git a/salt/grafana/panels/elasticsearch_store_size.json.jinja b/salt/grafana/panels/old/elasticsearch_store_size.json.jinja similarity index 100% rename from salt/grafana/panels/elasticsearch_store_size.json.jinja rename to salt/grafana/panels/old/elasticsearch_store_size.json.jinja diff --git a/salt/grafana/panels/elasticsearch_thread_count.json.jinja b/salt/grafana/panels/old/elasticsearch_thread_count.json.jinja similarity index 100% rename from salt/grafana/panels/elasticsearch_thread_count.json.jinja rename to salt/grafana/panels/old/elasticsearch_thread_count.json.jinja diff --git a/salt/grafana/panels/estimated_eps.json.jinja b/salt/grafana/panels/old/estimated_eps.json.jinja similarity index 100% rename from salt/grafana/panels/estimated_eps.json.jinja rename to salt/grafana/panels/old/estimated_eps.json.jinja diff --git a/salt/grafana/panels/estimated_eps_singlestat.json.jinja b/salt/grafana/panels/old/estimated_eps_singlestat.json.jinja similarity index 100% rename from salt/grafana/panels/estimated_eps_singlestat.json.jinja rename to salt/grafana/panels/old/estimated_eps_singlestat.json.jinja diff --git a/salt/grafana/panels/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/old/influxdb_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/influxdb_cpu_usage.json.jinja rename to salt/grafana/panels/old/influxdb_cpu_usage.json.jinja diff --git a/salt/grafana/panels/influxdb_size.json.jinja b/salt/grafana/panels/old/influxdb_size.json.jinja similarity index 100% rename from salt/grafana/panels/influxdb_size.json.jinja rename to salt/grafana/panels/old/influxdb_size.json.jinja 
diff --git a/salt/grafana/panels/influxdb_traffic.json.jinja b/salt/grafana/panels/old/influxdb_traffic.json.jinja similarity index 100% rename from salt/grafana/panels/influxdb_traffic.json.jinja rename to salt/grafana/panels/old/influxdb_traffic.json.jinja diff --git a/salt/grafana/panels/io_wait.json.jinja b/salt/grafana/panels/old/io_wait.json.jinja similarity index 100% rename from salt/grafana/panels/io_wait.json.jinja rename to salt/grafana/panels/old/io_wait.json.jinja diff --git a/salt/grafana/panels/io_wait_singlestat.json.jinja b/salt/grafana/panels/old/io_wait_singlestat.json.jinja similarity index 100% rename from salt/grafana/panels/io_wait_singlestat.json.jinja rename to salt/grafana/panels/old/io_wait_singlestat.json.jinja diff --git a/salt/grafana/panels/kibana_cpu_usage.json.jinja b/salt/grafana/panels/old/kibana_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/kibana_cpu_usage.json.jinja rename to salt/grafana/panels/old/kibana_cpu_usage.json.jinja diff --git a/salt/grafana/panels/load_average.json.jinja b/salt/grafana/panels/old/load_average.json.jinja similarity index 100% rename from salt/grafana/panels/load_average.json.jinja rename to salt/grafana/panels/old/load_average.json.jinja diff --git a/salt/grafana/panels/logstash_cpu_usage.json.jinja b/salt/grafana/panels/old/logstash_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/logstash_cpu_usage.json.jinja rename to salt/grafana/panels/old/logstash_cpu_usage.json.jinja diff --git a/salt/grafana/panels/logstash_traffic.json.jinja b/salt/grafana/panels/old/logstash_traffic.json.jinja similarity index 100% rename from salt/grafana/panels/logstash_traffic.json.jinja rename to salt/grafana/panels/old/logstash_traffic.json.jinja 
diff --git a/salt/grafana/panels/management_traffic.json.jinja b/salt/grafana/panels/old/management_traffic.json.jinja similarity index 100% rename from salt/grafana/panels/management_traffic.json.jinja rename to salt/grafana/panels/old/management_traffic.json.jinja diff --git a/salt/grafana/panels/memory_usage_current.json.jinja b/salt/grafana/panels/old/memory_usage_current.json.jinja similarity index 100% rename from salt/grafana/panels/memory_usage_current.json.jinja rename to salt/grafana/panels/old/memory_usage_current.json.jinja diff --git a/salt/grafana/panels/memory_used.json.jinja b/salt/grafana/panels/old/memory_used.json.jinja similarity index 100% rename from salt/grafana/panels/memory_used.json.jinja rename to salt/grafana/panels/old/memory_used.json.jinja diff --git a/salt/grafana/panels/monitor_traffic.json.jinja b/salt/grafana/panels/old/monitor_traffic.json.jinja similarity index 100% rename from salt/grafana/panels/monitor_traffic.json.jinja rename to salt/grafana/panels/old/monitor_traffic.json.jinja diff --git a/salt/grafana/panels/pcap_packet_loss.json.jinja b/salt/grafana/panels/old/pcap_packet_loss.json.jinja similarity index 100% rename from salt/grafana/panels/pcap_packet_loss.json.jinja rename to salt/grafana/panels/old/pcap_packet_loss.json.jinja diff --git a/salt/grafana/panels/pcap_retention.json.jinja b/salt/grafana/panels/old/pcap_retention.json.jinja similarity index 100% rename from salt/grafana/panels/pcap_retention.json.jinja rename to salt/grafana/panels/old/pcap_retention.json.jinja diff --git a/salt/grafana/panels/processes_states.json.jinja b/salt/grafana/panels/old/processes_states.json.jinja similarity index 100% rename from salt/grafana/panels/processes_states.json.jinja rename to salt/grafana/panels/old/processes_states.json.jinja 
diff --git a/salt/grafana/panels/proxy_traffic.json.jinja b/salt/grafana/panels/old/proxy_traffic.json.jinja similarity index 100% rename from salt/grafana/panels/proxy_traffic.json.jinja rename to salt/grafana/panels/old/proxy_traffic.json.jinja diff --git a/salt/grafana/panels/redis_cpu_usage.json.jinja b/salt/grafana/panels/old/redis_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/redis_cpu_usage.json.jinja rename to salt/grafana/panels/old/redis_cpu_usage.json.jinja diff --git a/salt/grafana/panels/redis_memory_usage.json.jinja b/salt/grafana/panels/old/redis_memory_usage.json.jinja similarity index 100% rename from salt/grafana/panels/redis_memory_usage.json.jinja rename to salt/grafana/panels/old/redis_memory_usage.json.jinja diff --git a/salt/grafana/panels/redis_queue.json.jinja b/salt/grafana/panels/old/redis_queue.json.jinja similarity index 100% rename from salt/grafana/panels/redis_queue.json.jinja rename to salt/grafana/panels/old/redis_queue.json.jinja diff --git a/salt/grafana/panels/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/old/stenographer_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/stenographer_cpu_usage.json.jinja rename to salt/grafana/panels/old/stenographer_cpu_usage.json.jinja diff --git a/salt/grafana/panels/stenographer_memory_usage.json.jinja b/salt/grafana/panels/old/stenographer_memory_usage.json.jinja similarity index 100% rename from salt/grafana/panels/stenographer_memory_usage.json.jinja rename to salt/grafana/panels/old/stenographer_memory_usage.json.jinja diff --git a/salt/grafana/panels/suricata_cpu_usage.json.jinja b/salt/grafana/panels/old/suricata_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/suricata_cpu_usage.json.jinja rename to salt/grafana/panels/old/suricata_cpu_usage.json.jinja 
diff --git a/salt/grafana/panels/suricata_memory_usage.json.jinja b/salt/grafana/panels/old/suricata_memory_usage.json.jinja similarity index 100% rename from salt/grafana/panels/suricata_memory_usage.json.jinja rename to salt/grafana/panels/old/suricata_memory_usage.json.jinja diff --git a/salt/grafana/panels/suricata_packet_loss.json.jinja b/salt/grafana/panels/old/suricata_packet_loss.json.jinja similarity index 100% rename from salt/grafana/panels/suricata_packet_loss.json.jinja rename to salt/grafana/panels/old/suricata_packet_loss.json.jinja diff --git a/salt/grafana/panels/total_threads.json.jinja b/salt/grafana/panels/old/total_threads.json.jinja similarity index 100% rename from salt/grafana/panels/total_threads.json.jinja rename to salt/grafana/panels/old/total_threads.json.jinja diff --git a/salt/grafana/panels/zeek_capture_loss.json.jinja b/salt/grafana/panels/old/zeek_capture_loss.json.jinja similarity index 100% rename from salt/grafana/panels/zeek_capture_loss.json.jinja rename to salt/grafana/panels/old/zeek_capture_loss.json.jinja diff --git a/salt/grafana/panels/zeek_cpu_usage.json.jinja b/salt/grafana/panels/old/zeek_cpu_usage.json.jinja similarity index 100% rename from salt/grafana/panels/zeek_cpu_usage.json.jinja rename to salt/grafana/panels/old/zeek_cpu_usage.json.jinja diff --git a/salt/grafana/panels/zeek_memory_usage.json.jinja b/salt/grafana/panels/old/zeek_memory_usage.json.jinja similarity index 100% rename from salt/grafana/panels/zeek_memory_usage.json.jinja rename to salt/grafana/panels/old/zeek_memory_usage.json.jinja diff --git a/salt/grafana/panels/zeek_packet_loss.json.jinja b/salt/grafana/panels/old/zeek_packet_loss.json.jinja similarity index 100% rename from salt/grafana/panels/zeek_packet_loss.json.jinja rename to salt/grafana/panels/old/zeek_packet_loss.json.jinja 
diff --git a/salt/grafana/panels/zeek_restarts_healthcheck.json.jinja b/salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja similarity index 100% rename from salt/grafana/panels/zeek_restarts_healthcheck.json.jinja rename to salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja From 0b35b8f6d61ca6cd8b06e31e3451ae2ad23b01e1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 10:19:20 -0400 Subject: [PATCH 056/266] add cpu row --- salt/grafana/defaults.yaml | 39 ++--- .../panels/cpu_usage_tasks_graph.json.jinja | 146 ++++++++++++++++++ .../panels/load_averages_graph.json.jinja | 137 ++++++++++++++++ .../panels/process_status_graph.json.jinja | 143 +++++++++++++++++ salt/grafana/panels/row_cpu.json.jinja | 15 ++ .../panels/row_docker_details.json.jinja | 2 +- salt/grafana/panels/row_memory.json.jinja | 15 ++ 7 files changed, 466 insertions(+), 31 deletions(-) create mode 100644 salt/grafana/panels/cpu_usage_tasks_graph.json.jinja create mode 100644 salt/grafana/panels/load_averages_graph.json.jinja create mode 100644 salt/grafana/panels/process_status_graph.json.jinja create mode 100644 salt/grafana/panels/row_cpu.json.jinja create mode 100644 salt/grafana/panels/row_memory.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 288a90c16..1eed1bb93 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -52,7 +52,6 @@ grafana: y: 1 h: 4 w: 4 - zeek_packet_loss_singlestat: gridPos: x: 8 @@ -77,7 +76,6 @@ grafana: y: 1 h: 4 w: 4 - io_wait_singlestat: gridPos: x: 0 
@@ -127,45 +125,26 @@ grafana: h: 4 w: 2 - row_docker_details: - gridPos: + row_cpu: x: 0 y: 9 h: 1 w: 24 - cpu_docker_combined_current_graph: + cpu_usage_tasks_graph: gridPos: x: 0 y: 10 h: 8 w: 24 - cpu_docker_combined_trend_graph: + load_average_graph: gridPos: x: 0 - y: 18 + y: 10 h: 8 - w: 24 - memory_used_docker_combined_current_graph: + w: 12 + process_status_graph: gridPos: - x: 0 - y: 26 + x: 12 + y: 10 h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 34 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 42 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 50 - h: 8 - w: 24 + w: 12 diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja new file mode 100644 index 000000000..607c9e3c1 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja 
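Review bot: This hunk removes the `row_docker_details` entry and the commit adds no `row_memory` entry, yet `row_docker_details.json.jinja` is kept (only its `id` changes) and the new `row_memory.json.jinja` reads `PANELS.row_memory.gridPos.x`, `.y`, `.w` and `.h`. If those templates are rendered from these defaults, which the patch does not show, the lookups hit undefined keys and the panel JSON either fails to render or comes out without coordinates. Add a `row_memory:` entry and keep `row_docker_details:`, each with its own `gridPos:` block, or hold the two templates back until their entries exist. In the same hunk `row_cpu:` has lost its `gridPos:` level and `load_average_graph` does not match `PANELS.load_averages_graph`; patches 057 and 058 later in this series correct those two.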
@@ -0,0 +1,146 @@
+{
+ "aliasColors": {},
+ "dashLength": 10,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "fill": 1,
+ "grid": {},
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }}
+ },
+ "height": "300",
+ "id": 28239,
+ "interval": "$inter",
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "pointradius": 5,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "targets": [
+ {
+ "alias": "$tag_host: $col",
+ "dsType": "influxdb",
+ "function": "mean",
+ "groupBy": [
+ {
+ "interval": "auto",
+ "params": [
+ "auto"
+ ],
+ "type": "time"
+ },
+ {
+ "key": "host",
+ "params": [
+ "tag"
+ ],
+ "type": "tag"
+ }
+ ],
+ "hide": false,
+ "measurement": "cpu_percentageBusy",
+ "policy": "default",
+ "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *",
+ "rawQuery": true,
+ "refId": "B",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "value"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": [],
+ "orderByTime": "ASC"
+ }
+ ],
+ "thresholds": [],
+ "timeRegions": [],
+ "title": "CPU usage",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "logBase": 1,
+ "max": 100,
+ "min": 0,
+ "show": true,
+ "$$hashKey": "object:1007"
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true,
+ "$$hashKey": "object:1008"
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "fieldConfig": {
+ "defaults": {
+ "links": []
+ },
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "bars": false,
+ "dashes": false,
+ "error": false,
+ "fillGradient": 0,
+ "percentage": false,
+ "points": false,
+ "stack": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null,
+ "hiddenSeries": false
+}
diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja
new file mode 100644
index 000000000..0911ffc1b
--- /dev/null
+++ b/salt/grafana/panels/load_averages_graph.json.jinja
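Review bot: The raw InfluxQL in `targets[0].query` filters with `\"host\" =~ /$servername$/`, which is anchored only at the end, so selecting one host also matches every host whose name ends with that value and their series are drawn into the same panel. Anchor both ends: `WHERE \"host\" =~ /^$servername$/`. The same end-only pattern is in the `query` of load_averages_graph.json.jinja and process_status_graph.json.jinja added by this commit. For a per-host health dashboard this matters because blended series can mask one node's CPU saturation behind another node's normal readings.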
@@ -0,0 +1,137 @@
+{
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "InfluxDB",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "x": {{ PANELS.load_averages_graph.gridPos.x }},
+ "y": {{ PANELS.load_averages_graph.gridPos.y }},
+ "w": {{ PANELS.load_averages_graph.gridPos.w }},
+ "h": {{ PANELS.load_averages_graph.gridPos.h }}
+ },
+ "height": "350",
+ "id": 54694,
+ "interval": "$inter",
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "alias": "$tag_host: $col",
+ "dsType": "influxdb",
+ "function": "mean",
+ "groupBy": [
+ {
+ "interval": "auto",
+ "params": [
+ "auto"
+ ],
+ "type": "time"
+ },
+ {
+ "key": "host",
+ "params": [
+ "tag"
+ ],
+ "type": "tag"
+ }
+ ],
+ "measurement": "system_load1",
+ "policy": "default",
+ "query": "SELECT mean(load1) as 1m,mean(load5) as 5m,mean(load15) as 15m FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc",
+ "rawQuery": true,
+ "refId": "A",
+ "resultFormat": "time_series",
+ "select": [
+ [
+ {
+ "params": [
+ "value"
+ ],
+ "type": "field"
+ },
+ {
+ "params": [],
+ "type": "mean"
+ }
+ ]
+ ],
+ "tags": []
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Load averages",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "fieldConfig": {
+ "defaults": {
+ "links": []
+ },
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "hiddenSeries": false
+}
diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja
new file mode 100644
index 000000000..61ea03d1e
--- /dev/null
+++ b/salt/grafana/panels/process_status_graph.json.jinja
@@ -0,0 +1,143 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.process_status_graph.gridPos.x }}, + "y": {{ PANELS.process_status_graph.gridPos.y }}, + "w": {{ PANELS.process_status_graph.gridPos.w }}, + "h": {{ PANELS.process_status_graph.gridPos.h }} + }, + "height": "350", + "id": 61852, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Process Status", + "tooltip": { + "msResolution": false, + 
"shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "hiddenSeries": false +} diff --git a/salt/grafana/panels/row_cpu.json.jinja b/salt/grafana/panels/row_cpu.json.jinja new file mode 100644 index 000000000..6384048d6 --- /dev/null +++ b/salt/grafana/panels/row_cpu.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_cpu.gridPos.x }}, + "y": {{ PANELS.row_cpu.gridPos.y }}, + "w": {{ PANELS.row_cpu.gridPos.w }}, + "h": {{ PANELS.row_cpu.gridPos.h }} + }, + "id": 2, + "panels": [], + "repeat": null, + "title": "CPU", + "type": "row" + } diff --git a/salt/grafana/panels/row_docker_details.json.jinja b/salt/grafana/panels/row_docker_details.json.jinja index 55eb4db93..bb06a57ed 100644 --- a/salt/grafana/panels/row_docker_details.json.jinja +++ b/salt/grafana/panels/row_docker_details.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.row_docker_details.gridPos.w }}, "h": {{ PANELS.row_docker_details.gridPos.h }} }, - "id": 2, + "id": 4, "panels": [], "repeat": null, "title": "Docker Details", diff --git a/salt/grafana/panels/row_memory.json.jinja b/salt/grafana/panels/row_memory.json.jinja new file mode 100644 index 000000000..33d203138 --- /dev/null +++ b/salt/grafana/panels/row_memory.json.jinja 
@@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_memory.gridPos.x }}, + "y": {{ PANELS.row_memory.gridPos.y }}, + "w": {{ PANELS.row_memory.gridPos.w }}, + "h": {{ PANELS.row_memory.gridPos.h }} + }, + "id": 3, + "panels": [], + "repeat": null, + "title": "Memory", + "type": "row" + } From 2ab9ade7615d2b2526683bc3e9b1d5c4080b5aa8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 10:22:48 -0400 Subject: [PATCH 057/266] add missing gridPos --- salt/grafana/defaults.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 1eed1bb93..7aba03677 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -126,6 +126,7 @@ grafana: w: 2 row_cpu: + gridPos: x: 0 y: 9 h: 1 From e01e3cdd43ed069c315506f3bf10384619d926c3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 10:25:26 -0400 Subject: [PATCH 058/266] change file name --- salt/grafana/defaults.yaml | 2 +- salt/grafana/panels/load_averages_graph.json.jinja | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 7aba03677..4d5bd364f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -137,7 +137,7 @@ grafana: y: 10 h: 8 w: 24 - load_average_graph: + load_averages_graph: gridPos: x: 0 y: 10 diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 0911ffc1b..0765825ca 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -91,7 +91,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Load averages", + "title": "Load Averages", "tooltip": { "msResolution": false, "shared": true, From c87ca8f5dc1f5965a1b5141b1fd653d6de1206ab Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 13 Jul 2021 10:42:33 -0400 Subject: [PATCH 059/266] spacing --- salt/grafana/panels/load_averages_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 0765825ca..92080618f 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -9,7 +9,7 @@ "fill": 0, "fillGradient": 0, "grid": {}, - "gridPos": { + "gridPos": { "x": {{ PANELS.load_averages_graph.gridPos.x }}, "y": {{ PANELS.load_averages_graph.gridPos.y }}, "w": {{ PANELS.load_averages_graph.gridPos.w }}, From e059c25ebce24e8f9bf5abe8052d02dd39ecb4ea Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 13 Jul 2021 11:05:05 -0400 Subject: [PATCH 060/266] [fix][wip] Fix pipeline parsing errors --- salt/elasticsearch/files/ingest/logscan | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan index 68c6aae44..6cd32dcbc 100644 --- a/salt/elasticsearch/files/ingest/logscan +++ b/salt/elasticsearch/files/ingest/logscan 
@@ -1,22 +1,23 @@ { "description": "logscan", "processors": [ - { "set": { "target_field": "event.severity", "value": 2 } }, + { "set": { "field": "event.severity", "value": 2 } }, { "rename": { "field": "@timestamp", "target_field": "event.ingested", "ignore_missing": true } }, - { "date": { "field": "timestamp", "target_field": "event.created", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } }, - { "date": { "field": "start_time", "target_field": "@timestamp", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } }, - { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } }, - { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failures": true } }, + { "date": { "field": "timestamp", "target_field": "event.created", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "start_time", "target_field": "@timestamp", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, + { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, { "rename": { "field": "source_ip", "target_field": "source.ip" } }, { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}" } }, { "rename": { "field": "source_ips", "target_field": "logscan.source.ips" } }, - { "set": { "if": "model == kff", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } }, - { "set": { "if": "model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } }, - { "set": { "if": "model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } }, - { "set": { "if": "model == kl", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, + 
{ "set": { "if": "ctx.model == kff", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } }, + { "set": { "if": "ctx.model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == kl", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, + { "rename": { "field": "model", "target_field": "logscan.model" } } { "rename": { "field": "num_attempts", "target_field": "logscan.attempts.total.amount", "ignore_missing": true } }, { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } }, - { "script": { "lang": "painless", "source": "logscan.attempts.succeeded.amount = logscan.attempts.total.amount - logscan.attempts.failed.amount" , "ignore_failure": true} }, + { "script": { "lang": "painless", "source": "ctx.logscan.attempts.succeeded.amount = ctx.logscan.attempts.total.amount - ctx.logscan.attempts.failed.amount" , "ignore_failure": true} }, { "rename": { "field": "avg_failure_interval", "target_field": "logscan.attempts.failed.avg_interval", "ignore_missing": true } }, { "pipeline": { "name": "common" } } ] From bab72393e6a3c2b1964d39c871754eaf4a7266a7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 11:23:06 -0400 Subject: [PATCH 061/266] query and id changes --- salt/grafana/panels/cpu_usage_tasks_graph.json.jinja | 6 +++--- salt/grafana/panels/load_averages_graph.json.jinja | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index 607c9e3c1..48743d013 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja 
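Review bot: The four rewritten `if` conditions compare against bare identifiers (`ctx.model == kff`, `ctx.model == kl`) rather than string literals, so Painless will presumably treat `kff` and `kl` as undefined variables and the `rule.name` / `rule.description` fields for these login-failure detections never get set. Quote the values: `"if": "ctx.model == 'kff'"` and `"if": "ctx.model == 'kl'"`. The script processor also assigns to `ctx.logscan.attempts.succeeded.amount` although none of the visible processors creates a `succeeded` object, and with `"ignore_failure": true` a failure there would be silent; creating the map first, or dropping `ignore_failure` while this is still WIP, would surface it. The unchanged `append` line writes to `logsscan.source.ips` (double "s") while the following `rename` targets `logscan.source.ips`, which looks like a typo worth fixing in the same pass.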
@@ -5,14 +5,14 @@ "editable": true, "fill": 1, "grid": {}, - "gridPos": { + "gridPos": { "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }}, "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }}, "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }}, "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }} }, "height": "300", - "id": 28239, + "id": 27, "interval": "$inter", "legend": { "alignAsTable": true, @@ -62,7 +62,7 @@ } ], "hide": false, - "measurement": "cpu_percentageBusy", + "measurement": "cpu", "policy": "default", "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", "rawQuery": true, diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 92080618f..72e770c2c 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -16,7 +16,7 @@ "h": {{ PANELS.load_averages_graph.gridPos.h }} }, "height": "350", - "id": 54694, + "id": 21, "interval": "$inter", "legend": { "alignAsTable": true, @@ -64,7 +64,7 @@ "type": "tag" } ], - "measurement": "system_load1", + "measurement": "system", "policy": "default", "query": "SELECT mean(load1) as 1m,mean(load5) as 5m,mean(load15) as 15m FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", "rawQuery": true, From 8900d52c33358ade147ec42c67ec07f81d451ce2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 11:30:14 -0400 Subject: [PATCH 062/266] change y --- salt/grafana/defaults.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 4d5bd364f..ecb4883d8 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -140,12 +140,12 @@ grafana: load_averages_graph: gridPos: x: 0 - y: 10 + y: 18 h: 8 w: 12 process_status_graph: gridPos: x: 12 - y: 10 + y: 18 h: 8 w: 12 From ddfab448833b949d129bfd792111ba24c8d217a7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 11:59:01 -0400 Subject: [PATCH 063/266] new id --- salt/grafana/panels/load_averages_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 72e770c2c..f4e99e691 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -16,7 +16,7 @@ "h": {{ PANELS.load_averages_graph.gridPos.h }} }, "height": "350", - "id": 21, + "id": 28, "interval": "$inter", "legend": { "alignAsTable": true, From 115e0a6fee52cf9a789209d0668b97050f2e72bf Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 13 Jul 2021 12:04:10 -0400 Subject: [PATCH 064/266] [fix] Add missing comma --- salt/elasticsearch/files/ingest/logscan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan index 6cd32dcbc..d199161a5 100644 --- a/salt/elasticsearch/files/ingest/logscan +++ b/salt/elasticsearch/files/ingest/logscan 
@@ -14,7 +14,7 @@ { "set": { "if": "ctx.model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } }, { "set": { "if": "ctx.model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } }, { "set": { "if": "ctx.model == kl", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, - { "rename": { "field": "model", "target_field": "logscan.model" } } + { "rename": { "field": "model", "target_field": "logscan.model" } }, { "rename": { "field": "num_attempts", "target_field": "logscan.attempts.total.amount", "ignore_missing": true } }, { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } }, { "script": { "lang": "painless", "source": "ctx.logscan.attempts.succeeded.amount = ctx.logscan.attempts.total.amount - ctx.logscan.attempts.failed.amount" , "ignore_failure": true} }, From 65127eb22613fe297603d76c5f660471d0628c58 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 12:04:52 -0400 Subject: [PATCH 065/266] fix servername var --- salt/grafana/panels/cpu_usage_tasks_graph.json.jinja | 2 +- salt/grafana/panels/load_averages_graph.json.jinja | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index 48743d013..5e3e43c03 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja 
@@ -64,7 +64,7 @@ "hide": false, "measurement": "cpu", "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", "rawQuery": true, "refId": "B", "resultFormat": "time_series", diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index f4e99e691..6c263c2f1 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -66,7 +66,7 @@ ], "measurement": "system", "policy": "default", - "query": "SELECT mean(load1) as 1m,mean(load5) as 5m,mean(load15) as 15m FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "query": "SELECT mean(load1) as 1m,mean(load5) as 5m,mean(load15) as 15m FROM \"system\" WHERE host =~ /^$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", "rawQuery": true, "refId": "A", "resultFormat": "time_series", From 5b3751da7045b506ac8e8a233eb90a4ad7349649 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 13 Jul 2021 12:24:32 -0400 Subject: [PATCH 066/266] new load averages panel --- .../panels/load_averages_graph.json.jinja | 172 +++++++++--------- 1 file changed, 81 insertions(+), 91 deletions(-) diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 6c263c2f1..a338ee3dd 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja 
@@ -1,137 +1,127 @@ { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { + "type": "graph", + "title": "Load Averages", + "gridPos": { "x": {{ PANELS.load_averages_graph.gridPos.x }}, "y": {{ PANELS.load_averages_graph.gridPos.y }}, "w": {{ PANELS.load_averages_graph.gridPos.w }}, "h": {{ PANELS.load_averages_graph.gridPos.h }} }, - "height": "350", - "id": 28, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "id": 61869, "targets": [ { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], "groupBy": [ { - "interval": "auto", + "type": "time", "params": [ - "auto" - ], - "type": "time" + "$__interval" + ] }, { - "key": "host", + "type": "fill", "params": [ - "tag" - ], - "type": "tag" + "null" + ] } ], - "measurement": "system", - "policy": "default", - "query": "SELECT mean(load1) as 1m,mean(load5) as 5m,mean(load15) as 15m FROM \"system\" WHERE host =~ /^$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", "select": [ [ { + "type": "field", "params": [ "value" - ], - "type": "field" + ] }, { - "params": [], - "type": "mean" + "type": "mean", + "params": [] } ] ], - "tags": [] + "query": "SELECT mean(load1) as \"1m\", mean(load5) as \"5m\", 
mean(load15) as \"15m\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Averages", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" + "options": { + "alertThreshold": true }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] }, + "pluginVersion": "7.5.4", + "renderer": "flot", "yaxes": [ { - "format": "short", + "label": null, + "show": true, "logBase": 1, + "min": null, "max": null, - "min": 0, - "show": true + "format": "short", + "$$hashKey": "object:287" }, { - "format": "short", + "label": null, + "show": true, "logBase": 1, - "max": null, "min": null, - "show": true + "max": null, + "format": "short", + "$$hashKey": "object:288" } ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, "yaxis": { "align": false, "alignLevel": null }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": true, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true }, - "pluginVersion": "7.5.4", - "hiddenSeries": false + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false } 
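Review bot: The rewritten `query` goes back to `host =~ /$servername$/`, so the `^` anchor that patch 065 added to this same file is lost and the host filter again matches any host name that merely ends with the selected value. Keep the anchored form: `WHERE host =~ /^$servername$/`. The new target also carries `"queryType": "randomWalk"` and an `id` of 61869 where patch 063 had settled on a small id; both look like residue from a UI export and are worth normalising so a later panel does not collide or inherit a test-data setting.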
From 9a6ac7bd208c1d565f97d715a7e0de587db77702 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 12:30:45 -0400 Subject: [PATCH 067/266] change panels --- .../panels/cpu_usage_tasks_graph.json.jinja | 182 ++++++++---------- .../panels/load_averages_graph.json.jinja | 2 +- 2 files changed, 84 insertions(+), 100 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index 5e3e43c03..17182c7b3 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja 
@@ -1,146 +1,130 @@ { - "aliasColors": {}, - "dashLength": 10, - "datasource": "InfluxDB", - "editable": true, - "fill": 1, - "grid": {}, - "gridPos": { + "type": "graph", + "title": "CPU Usage", + "gridPos": { "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }}, "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }}, "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }}, "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }} }, - "height": "300", - "id": 27, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pointradius": 5, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, + "id": 61871, "targets": [ { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], "groupBy": [ { - "interval": "auto", + "type": "time", "params": [ - "auto" - ], - "type": "time" + "$__interval" + ] }, { - "key": "host", + "type": "fill", "params": [ - "tag" - ], - "type": "tag" + "null" + ] } ], - "hide": false, - "measurement": "cpu", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", "select": [ [ { + 
"type": "field", "params": [ "value" - ], - "type": "field" + ] }, { - "params": [], - "type": "mean" + "type": "mean", + "params": [] } ] ], - "tags": [], - "orderByTime": "ASC" + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "alias": "$tag_host: $col" } ], - "thresholds": [], - "timeRegions": [], - "title": "CPU usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" + "options": { + "alertThreshold": true }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] }, + "pluginVersion": "7.5.4", + "renderer": "flot", "yaxes": [ { - "format": "percent", - "logBase": 1, - "max": 100, - "min": 0, + "label": null, "show": true, - "$$hashKey": "object:1007" + "logBase": 1, + "min": "0", + "max": "100", + "format": "percent", + "$$hashKey": "object:202", + "decimals": null }, { - "format": "short", - "logBase": 1, - "max": null, - "min": null, + "label": null, "show": true, - "$$hashKey": "object:1008" + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:203" } ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, "yaxis": { "align": false, "alignLevel": null }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": 
true, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true, + "hideEmpty": true, + "hideZero": true }, - "pluginVersion": "7.5.4", - "bars": false, - "dashes": false, - "error": false, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], "fillGradient": 0, - "percentage": false, + "dashes": false, + "hiddenSeries": false, "points": false, + "bars": false, "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null, - "hiddenSeries": false + "percentage": false, + "steppedLine": false } diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index a338ee3dd..ffdf22d56 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(load1) as \"1m\", mean(load5) as \"5m\", mean(load15) as \"15m\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "query": "SELECT mean(load1) as \"1 minute\", mean(load5) as \"5 minutes\", mean(load15) as \"15 minutes\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", "rawQuery": true, "alias": "$tag_host: $col" } From 6c12e26632ad09e0b6026151a209272d3ecfd37e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 13:55:01 -0400 Subject: [PATCH 068/266] add mem usage, add docker graphs back, update nsm usage thresh --- .../panels/memory_usage_graph.json.jinja | 146 ++++++++++++++++++ salt/grafana/panels/nsm_used_guage.json.jinja | 2 +- 2 files changed, 147 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/panels/memory_usage_graph.json.jinja 
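Review bot: The host filter in the `load_averages_graph.json.jinja` query is not anchored at the start: `host =~ /$servername$/` matches every host whose name ends with the selected value, so a host with a shared suffix would be drawn on the selected host's panel as well. The CPU query in this same patch already uses `/^$servername$/`; the changed line should read `WHERE host =~ /^$servername$/ AND $timeFilter` to match it. The same unanchored pattern appears in the `memory_usage_graph.json.jinja` queries that the following patches add and rewrite.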
diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja
new file mode 100644
index 000000000..f80ad3112
--- /dev/null
+++ b/salt/grafana/panels/memory_usage_graph.json.jinja
@@ -0,0 +1,146 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "x": {{ PANELS.memory_usage_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_graph.gridPos.h }} + }, + "height": "400", + "id": 12054, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "mem_inactive", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "msResolution": false, + "shared": 
true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "hiddenSeries": false +} diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja index e6ae2d2b5..f939b67d6 100644 --- a/salt/grafana/panels/nsm_used_guage.json.jinja +++ b/salt/grafana/panels/nsm_used_guage.json.jinja @@ -103,7 +103,7 @@ "orderByTime": "ASC" } ], - "thresholds": "70,80,95", + "thresholds": "85,95,100", "title": "NSM used", "type": "singlestat", "valueFontSize": "80%", From ec8f9228e80095315189eafa72b27509a10044b5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 14:01:42 -0400 Subject: [PATCH 069/266] add memory and docker container rows --- salt/grafana/defaults.yaml | 66 +++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 5 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index ecb4883d8..6af462225 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -135,17 +135,73 @@ grafana: gridPos: x: 0 y: 10 - h: 8 + h: 6 w: 24 load_averages_graph: gridPos: x: 0 - y: 18 - h: 8 + y: 16 + h: 6 w: 12 process_status_graph: gridPos: x: 12 - y: 18 - h: 8 + y: 16 + h: 6 w: 12 + + row_memory: + gridPos: + x: 0 + y: 22 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 23 + h: 6 + w: 24 + + row_docker_details: + gridPos: + x: 0 + y: 29 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 30 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 38 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 46 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 54 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 62 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 70 + h: 8 + w: 24 From e7a6172d7e439d2d2fe4adfe951e8b84e2d23720 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 13 Jul 2021 14:07:27 -0400 Subject: [PATCH 070/266] [fix] Add single quotes to strings --- salt/elasticsearch/files/ingest/logscan | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan index d199161a5..9a094f4c6 100644 --- a/salt/elasticsearch/files/ingest/logscan +++ b/salt/elasticsearch/files/ingest/logscan 
@@ -10,10 +10,10 @@
 { "rename": { "field": "source_ip", "target_field": "source.ip" } },
 { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}" } },
 { "rename": { "field": "source_ips", "target_field": "logscan.source.ips" } },
- { "set": { "if": "ctx.model == kff", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } },
- { "set": { "if": "ctx.model == kff", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } },
- { "set": { "if": "ctx.model == kl", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } },
- { "set": { "if": "ctx.model == kl", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } },
+ { "set": { "if": "ctx.model == 'kff'", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } },
+ { "set": { "if": "ctx.model == 'kff'", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } },
+ { "set": { "if": "ctx.model == 'kl'", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } },
+ { "set": { "if": "ctx.model == 'kl'", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } },
 { "rename": { "field": "model", "target_field": "logscan.model" } },
 { "rename": { "field": "num_attempts", "target_field": "logscan.attempts.total.amount", "ignore_missing": true } },
 { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } },
From f9e29eaede3a91e09ea01334526abe5c06a4a863 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 13 Jul 2021 14:09:23 -0400
Subject: [PATCH 071/266] update memory usage graph panel
---
 .../panels/memory_usage_graph.json.jinja | 199 +++++++++---------
 1 file changed, 94 insertions(+), 105 deletions(-)
diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja
index f80ad3112..4c19bdb05 100644
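Review bot: The `append` processor just above the changed conditions writes to `logsscan.source.ips` (double "s"), while the next processor renames `source_ips` into `logscan.source.ips`; this looks like a typo that the commit leaves in place. If it is one, the single-address value lands in a field that nothing else in the hunk reads, and searches or alerts keyed on `logscan.source.ips` would not see it. Before changing it to `"field": "logscan.source.ips"`, check the ordering against the following `rename`, because a rename into a field that already exists fails. The processor list starts and ends outside this hunk.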
--- a/salt/grafana/panels/memory_usage_graph.json.jinja
+++ b/salt/grafana/panels/memory_usage_graph.json.jinja
@@ -1,146 +1,135 @@ { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "x": {{ PANELS.memory_usage_graph.gridPos.x }}, - "y": {{ PANELS.memory_usage_graph.gridPos.y }}, - "w": {{ PANELS.memory_usage_graph.gridPos.w }}, - "h": {{ PANELS.memory_usage_graph.gridPos.h }} - }, - "height": "400", - "id": 12054, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#BF1B00", - "fill": 0, - "linewidth": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "type": "graph", + "title": "Memory Usage", + "gridPos": { + "x": {{ PANELS.row_memory.gridPos.x }}, + "y": {{ PANELS.row_memory.gridPos.y }}, + "w": {{ PANELS.row_memory.gridPos.w }}, + "h": {{ PANELS.row_memory.gridPos.h }} + }, + "id": 61873, "targets": [ { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], "groupBy": [ { - "interval": "auto", + "type": "time", "params": [ - "auto" - ], - "type": "time" + "$__interval" + ] }, { - "key": "host", + "type": "fill", "params": [ - "tag" - ], - "type": "tag" + "null" + ] } ], - "measurement": "mem_inactive", - "policy": "default", - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ 
AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", "select": [ [ { + "type": "field", "params": [ "value" - ], - "type": "field" + ] }, { - "params": [], - "type": "mean" + "type": "mean", + "params": [] } ] ], - "tags": [] + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" + "options": { + "alertThreshold": true }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] }, + "pluginVersion": "7.5.4", + "renderer": "flot", "yaxes": [ { - "format": "bytes", + "label": null, + "show": true, "logBase": 1, + "min": "0", "max": null, - "min": 0, - "show": true + "format": "bytes", + "$$hashKey": "object:235" }, { - "format": "short", + "label": null, + "show": true, "logBase": 1, - "max": null, "min": null, - "show": true + "max": null, + "format": "short", + "$$hashKey": "object:236" } ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, "yaxis": { "align": false, "alignLevel": null }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": true, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true }, - "pluginVersion": "7.5.4", - 
"hiddenSeries": false + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:295", + "alias": "/total/", + "fill": 0, + "color": "#C4162A" + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "description": "" } From f111106a9fda1fe309dc18865bb5b795716b15ae Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Jul 2021 14:13:19 -0400 Subject: [PATCH 072/266] fix cords --- salt/grafana/panels/memory_usage_graph.json.jinja | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja index 4c19bdb05..43315f771 100644 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_graph.json.jinja @@ -2,10 +2,10 @@ "type": "graph", "title": "Memory Usage", "gridPos": { - "x": {{ PANELS.row_memory.gridPos.x }}, - "y": {{ PANELS.row_memory.gridPos.y }}, - "w": {{ PANELS.row_memory.gridPos.w }}, - "h": {{ PANELS.row_memory.gridPos.h }} + "x": {{ PANELS.memory_usage_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_graph.gridPos.h }} }, "id": 61873, "targets": [ From e41811fbd01824999ff5012e13ec2a9dc8dba1b0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 13 Jul 2021 15:14:13 -0400 Subject: [PATCH 073/266] [fix] Typo --- pillar/logstash/search.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/logstash/search.sls b/pillar/logstash/search.sls index 2f287f533..55b2070ce 100644 --- a/pillar/logstash/search.sls +++ b/pillar/logstash/search.sls 
@@ -13,4 +13,4 @@ logstash: - so/9500_output_beats.conf.jinja - so/9600_output_ossec.conf.jinja - so/9700_output_strelka.conf.jinja - - so/9800_ouput_logscan.conf.jinja + - so/9800_output_logscan.conf.jinja From 1d23d1b2e26f1a6ae65fbb71f2d5fa36c353f4a6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 09:21:46 -0400 Subject: [PATCH 074/266] start network row --- salt/grafana/defaults.yaml | 19 + .../management_traffic_graph.json.jinja | 355 ++++++++++++++++++ .../panels/monitor_traffic_graph.json.jinja | 230 ++++++++++++ salt/grafana/panels/row_network.json.jinja | 15 + 4 files changed, 619 insertions(+) create mode 100644 salt/grafana/panels/management_traffic_graph.json.jinja create mode 100644 salt/grafana/panels/monitor_traffic_graph.json.jinja create mode 100644 salt/grafana/panels/row_network.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 6af462225..711519a6b 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -205,3 +205,22 @@ grafana: y: 70 h: 8 w: 24 + + row_network: + gridPos: + x: 0 + y: 78 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 79 + h: 6 + w: 24 + monitor_traffic_graph: + gridPos: + x: 0 + y: 85 + h: 6 + w: 24 diff --git a/salt/grafana/panels/management_traffic_graph.json.jinja b/salt/grafana/panels/management_traffic_graph.json.jinja new file mode 100644 index 000000000..150944a78 --- /dev/null +++ b/salt/grafana/panels/management_traffic_graph.json.jinja 
@@ -0,0 +1,355 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "super-light-blue" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.management_traffic_graph.gridPos.x }}, + "y": {{ PANELS.management_traffic_graph.gridPos.y }}, + "w": {{ PANELS.management_traffic_graph.gridPos.w }}, + "h": {{ PANELS.management_traffic_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$manint" + } + 
] + }, + { + "alias": "Outbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$manint" + } + ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$manint" + } + ] + }, + { + "alias": "Outbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + 
"params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$manint" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Management Traffic", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_traffic_graph.json.jinja new file mode 100644 index 000000000..aec9446b0 --- /dev/null +++ b/salt/grafana/panels/monitor_traffic_graph.json.jinja 
@@ -0,0 +1,230 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "light-orange" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.monitor_traffic_graph.gridPos.x }}, + "y": {{ PANELS.monitor_traffic_graph.gridPos.y }}, + "w": {{ PANELS.monitor_traffic_graph.gridPos.w }}, + "h": {{ PANELS.monitor_traffic_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$monint" + } + ] + }, + { + 
"alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$monint" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Monitor Traffic", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/row_network.json.jinja b/salt/grafana/panels/row_network.json.jinja new file mode 100644 index 000000000..6f611f580 --- /dev/null +++ b/salt/grafana/panels/row_network.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_network.gridPos.x }}, + "y": {{ PANELS.row_network.gridPos.y }}, + "w": {{ PANELS.row_network.gridPos.w }}, + "h": {{ PANELS.row_network.gridPos.h }} + }, + "id": 333, + "panels": [], + "repeat": null, + "title": "Network", + "type": "row" + } 
From 53c6edcbdb0457105237f23dd5c4fc9a8d7df8c8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 09:57:43 -0400 Subject: [PATCH 075/266] add trends memory usage and network graphs --- .../management_traffic_graph.json.jinja | 2 +- .../panels/memory_usage_graph.json.jinja | 270 +++++++++++------- .../panels/monitor_traffic_graph.json.jinja | 2 +- 3 files changed, 162 insertions(+), 112 deletions(-) diff --git a/salt/grafana/panels/management_traffic_graph.json.jinja b/salt/grafana/panels/management_traffic_graph.json.jinja index 150944a78..e5f803329 100644 --- a/salt/grafana/panels/management_traffic_graph.json.jinja +++ b/salt/grafana/panels/management_traffic_graph.json.jinja @@ -316,7 +316,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Management Traffic", + "title": "Management Traffic - $manint", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja index 43315f771..6d17db7e8 100644 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_graph.json.jinja 
@@ -1,135 +1,185 @@ { - "type": "graph", - "title": "Memory Usage", - "gridPos": { - "x": {{ PANELS.memory_usage_graph.gridPos.x }}, - "y": {{ PANELS.memory_usage_graph.gridPos.y }}, - "w": {{ PANELS.memory_usage_graph.gridPos.w }}, - "h": {{ PANELS.memory_usage_graph.gridPos.h }} - }, - "id": 61873, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "alias": "$tag_host: $col" - } - ], - "options": { - "alertThreshold": true - }, + "aliasColors": {}, + "dashLength": 10, "datasource": "InfluxDB", "fieldConfig": { "defaults": {}, "overrides": [] }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": "0", - "max": null, - "format": "bytes", - "$$hashKey": "object:235" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:236" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null + "fill": 1, + "gridPos": { + "x": {{ PANELS.memory_usage_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_graph.gridPos.h }} }, - "yaxis": { - "align": false, - "alignLevel": null + "id": 61873, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + 
"min": true, + "show": true, + "total": false, + "values": true }, "lines": true, - "fill": 1, "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": true, - "max": true, - "current": true, - "total": false, - "avg": true, - "alignAsTable": true - }, "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 + "options": { + "alertThreshold": true }, - "aliasColors": {}, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", "seriesOverrides": [ { "$$hashKey": "object:295", "alias": "/total/", + "color": "#C4162A", + "fill": 0 + }, + { + "$$hashKey": "object:164", + "alias": "/trend/", "fill": 0, - "color": "#C4162A" + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trean_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host 
=~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false } ], "thresholds": [], "timeRegions": [], - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:235", + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:236", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, "bars": false, - "stack": false, + "dashes": false, + "description": "", + "fillGradient": 0, + "hiddenSeries": false, "percentage": false, + "points": false, + "stack": false, "steppedLine": false, - "description": "" + "timeFrom": null, + "timeShift": null } diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_traffic_graph.json.jinja index aec9446b0..15290b83f 100644 --- a/salt/grafana/panels/monitor_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_traffic_graph.json.jinja @@ -191,7 +191,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Monitor Traffic", + "title": "Monitor Traffic - $monint", "tooltip": { "msResolution": true, "shared": true, From dae64b82ff133a31416909375710edf663a58a75 Mon Sep 17 00:00:00 2001 
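Review bot: The trend query added as target B in memory_usage_graph.json.jinja aliases one column as `trean_cached`, so it does not match the new `/trend/` series override. That series will be drawn in the default style rather than the dashed trend style, and the misspelling will show in the legend. The alias should read `mean(mean_cached) as trend_cached`. Separately, both queries in this panel filter with `host =~ /$servername$/`, which is anchored only at the end, whereas cpu_usage_tasks_graph.json.jinja uses `/^$servername$/`. Using the anchored form here, and in the load_averages_graph.json.jinja queries that share the pattern, would stop a host whose name merely ends with the selected value from being included.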
From: m0duspwnens Date: Wed, 14 Jul 2021 10:09:34 -0400 Subject: [PATCH 076/266] add trend to cpu --- .../panels/cpu_usage_tasks_graph.json.jinja | 259 +++++++++++------- 1 file changed, 155 insertions(+), 104 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index 17182c7b3..999d3e205 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja 
@@ -1,130 +1,181 @@ { - "type": "graph", - "title": "CPU Usage", - "gridPos": { + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "gridPos": { "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }}, "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }}, "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }}, "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }} }, "id": 61871, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", - "rawQuery": true, - "alias": "$tag_host: $col" - } - ], + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", "options": { "alertThreshold": true }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, "pluginVersion": "7.5.4", + "pointradius": 2, "renderer": "flot", - "yaxes": [ + "seriesOverrides": [ { - "label": null, - "show": true, - "logBase": 1, - "min": "0", - "max": "100", - "format": "percent", - "$$hashKey": "object:202", - 
"decimals": null - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:203" + "$$hashKey": "object:266", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 } ], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_usage_user) as \"trend_user\", mean(mean_usage_system) as \"trend_system\", mean(mean_usage_softirq) as \"trend_softirq\", mean(mean_usage_steal) as \"trend_steal\", mean(mean_usage_nice) as \"trend_nice\", mean(mean_usage_irq) as \"trend_irq\", mean(mean_usage_iowait) as \"trend_iowait\", mean(mean_usage_guest) as \"trend_guest\", mean(mean_usage_guest_nice) as \"trend_guest_nice\" FROM \"so_long_term\".\"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "queryType": "randomWalk", + 
"rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false + } + ], + "thresholds": [], + "timeRegions": [], + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "$$hashKey": "object:202", + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": "100", + "min": "0", + "show": true + }, + { + "$$hashKey": "object:203", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], "yaxis": { "align": false, "alignLevel": null }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": true, - "max": true, - "current": true, - "total": false, - "avg": true, - "alignAsTable": true, - "hideEmpty": true, - "hideZero": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, "bars": false, - "stack": false, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, "percentage": false, - "steppedLine": false + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } From 818f912a905a8d15cfab13c9dfe22800fe7237cf Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 14 Jul 2021 10:13:14 -0400 Subject: [PATCH 077/266] [fix] Remove indent --- salt/filebeat/etc/filebeat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 39257c991..68fc32d7c 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -119,7 +119,7 @@ filebeat.inputs: module: logscan dataset: alert processors: - - drop_fields: + - drop_fields: fields: ["source", "prospector", "input", "offset", "beat"] fields_under_root: true clean_removed: true From 4b4ceb525aa79638cd18cea59e033d1102730525 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 10:29:35 -0400 Subject: [PATCH 078/266] trends for load and process status --- .../panels/load_averages_graph.json.jinja | 249 +++++++++++------- .../panels/process_status_graph.json.jinja | 105 ++++++-- 2 files changed, 232 insertions(+), 122 deletions(-) diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index ffdf22d56..c137e8abe 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja 
@@ -1,127 +1,178 @@ { - "type": "graph", - "title": "Load Averages", - "gridPos": { + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { "x": {{ PANELS.load_averages_graph.gridPos.x }}, "y": {{ PANELS.load_averages_graph.gridPos.y }}, "w": {{ PANELS.load_averages_graph.gridPos.w }}, "h": {{ PANELS.load_averages_graph.gridPos.h }} }, "id": 61869, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "query": "SELECT mean(load1) as \"1 minute\", mean(load5) as \"5 minutes\", mean(load15) as \"15 minutes\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", - "rawQuery": true, - "alias": "$tag_host: $col" - } - ], + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", "options": { "alertThreshold": true }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, "pluginVersion": "7.5.4", + "pointradius": 2, "renderer": "flot", - "yaxes": [ + "seriesOverrides": [ { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:287" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:288" + "$$hashKey": "object:364", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 } ], + "spaceLength": 10, + 
"targets": [ + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(load1) as \"1 minute\", mean(load5) as \"5 minutes\", mean(load15) as \"15 minutes\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $col", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(mean_load1) as \"trend_1 minute\", mean(mean_load5) as \"trend_5 minutes\", mean(mean_load15) as \"trend_15 minutes\" FROM \"so_long_term\".\"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [], + "hide": false + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Load Averages - $cpucount Cores", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "$$hashKey": "object:287", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:288", + "format": "short", + "label": null, + "logBase": 1, + "max": 
null, + "min": null, + "show": true + } + ], "yaxis": { "align": false, "alignLevel": null }, - "lines": true, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": true, - "max": true, - "current": true, - "total": false, - "avg": true, - "alignAsTable": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], + "bars": false, + "dashes": false, "fill": 0, "fillGradient": 0, - "dashes": false, "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, "percentage": false, - "steppedLine": false + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja index 61ea03d1e..b4ca1ff66 100644 --- a/salt/grafana/panels/process_status_graph.json.jinja +++ b/salt/grafana/panels/process_status_graph.json.jinja @@ -1,14 +1,16 @@ { "aliasColors": {}, - "bars": false, "dashLength": 10, - "dashes": false, "datasource": "InfluxDB", "editable": true, - "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, "fill": 1, - "fillGradient": 0, - "gridPos": { + "gridPos": { "x": {{ PANELS.process_status_graph.gridPos.x }}, "y": {{ PANELS.process_status_graph.gridPos.y }}, "w": {{ PANELS.process_status_graph.gridPos.w }}, 
@@ -36,14 +38,20 @@ "options": { "alertThreshold": true }, - "percentage": false, + "pluginVersion": "7.5.4", "pointradius": 5, - "points": false, "renderer": "flot", - "seriesOverrides": [], + "seriesOverrides": [ + { + "$$hashKey": "object:549", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "alias": "$tag_host: $col", @@ -88,13 +96,59 @@ "operator": "=~", "value": "/^$server$/" } - ] + ], + "orderByTime": "ASC" + }, + { + "alias": "$tag_host: $col", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "policy": "default", + "query": "SELECT mean(mean_running) as trend_running, mean(mean_blocked) as trend_blocked, mean(mean_sleeping) as trend_sleeping, mean(mean_stopped) as trend_stopped, mean(mean_zombies) as trend_zombies, mean(mean_paging) as trend_paging, mean(mean_unknown) as trend_unknown FROM \"so_long_term\".\"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ], + "orderByTime": "ASC", + "hide": false } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, "title": "Process Status", "tooltip": { "msResolution": false, @@ -117,7 +171,8 @@ "logBase": 1, "max": null, "min": null, - "show": true + "show": true, + "$$hashKey": "object:512" }, { "format": "short", 
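Review bot: The trend target added in the `@@ -88,13 +96,59 @@` hunk of process_status_graph.json.jinja carries `"refId": "A"`, while the trend targets added to the other panels use `"refId": "B"`. The existing target's refId is outside the hunk, but if it is also A the two queries share an id, and Grafana expects refIds to be unique within a panel; suggest `"refId": "B"`. The same target copies a `"tags"` filter on `/^$server$/` while its raw query filters on `$servername`, and its `select` still names the `blocked` field. With `"rawQuery": true` those builder fields are presumably ignored, but aligning them would avoid a wrong query if the editor mode is ever toggled.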
@@ -125,19 +180,23 @@ "logBase": 1, "max": null, "min": null, - "show": true + "show": true, + "$$hashKey": "object:513" } ], "yaxis": { "align": false, "alignLevel": null }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "hiddenSeries": false + "bars": false, + "dashes": false, + "error": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } From 7f8212fdba6ba42048f9ee2ab0d326d9918c6c32 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:31:48 -0400 Subject: [PATCH 079/266] add trend, add network graphs --- salt/grafana/defaults.yaml | 55 +--- .../panels/cpu_usage_tasks_graph.json.jinja | 2 +- ...anagement_interface_drops_graph.json.jinja | 261 ++++++++++++++++++ ...agement_interface_packets_graph.json.jinja | 259 +++++++++++++++++ .../monitor_interface_drops_graph.json.jinja | 261 ++++++++++++++++++ ...monitor_interface_packets_graph.json.jinja | 259 +++++++++++++++++ 6 files changed, 1047 insertions(+), 50 deletions(-) create mode 100644 salt/grafana/panels/management_interface_drops_graph.json.jinja create mode 100644 salt/grafana/panels/management_interface_packets_graph.json.jinja create mode 100644 salt/grafana/panels/monitor_interface_drops_graph.json.jinja create mode 100644 salt/grafana/panels/monitor_interface_packets_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 711519a6b..c694a24d2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -163,64 +163,21 @@ grafana: h: 6 w: 24 - row_docker_details: + row_network: gridPos: x: 0 y: 29 h: 1 w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 30 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 38 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 46 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 54 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 62 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 70 - h: 8 - w: 24 - - row_network: - gridPos: - x: 0 - y: 78 - h: 1 - w: 24 management_traffic_graph: gridPos: x: 0 - y: 79 + y: 30 h: 6 - w: 24 + w: 12 monitor_traffic_graph: gridPos: - x: 0 - y: 85 + x: 12 + y: 30 h: 6 - w: 24 + w: 12 diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index 999d3e205..f12d163c5 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja @@ -11,7 +11,7 @@ "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }}, "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }}, "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }} + "h": {{ PANELS.cpu_usage_tasks_graph .gridPos.h }} }, "id": 61871, "legend": { diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja new file mode 100644 index 000000000..c315467b9 --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja 
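Review bot: The four panel templates created by this commit read `PANELS.management_interface_drops_graph.gridPos.x` and the matching keys for the packets and monitor panels, but this hunk adds no `gridPos` entries for them in defaults.yaml. Unless those keys are defined outside the hunk or supplied from pillar, rendering the new templates would likely fail on the undefined lookup or emit invalid panel JSON. Suggest adding `management_interface_drops_graph`, `management_interface_packets_graph`, `monitor_interface_drops_graph` and `monitor_interface_packets_graph` blocks with `gridPos` values next to `management_traffic_graph`.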
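Review bot: The changed line in cpu_usage_tasks_graph.json.jinja now reads `{{ PANELS.cpu_usage_tasks_graph .gridPos.h }}`, with a space before `.gridPos`. This looks like an accidental edit, since the `x`, `y` and `w` lines beside it are untouched and the commit message does not mention this file. Jinja will probably still resolve the lookup, but the line should be restored to `"h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }}` so the four entries stay uniform and searchable.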
@@ -0,0 +1,261 @@ +{ + "type": "graph", + "title": "Management Interface Drops", + "gridPos": { + "x": {{ PANELS.management_interface_drops_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_graph.gridPos.h }} + }, + "id": 61877, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "C", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + 
"null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col", + "hide": false + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "Drops per second", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "pps", + "$$hashKey": "object:500" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:501" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": 
true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "null", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:592", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + }, + { + "$$hashKey": "object:621", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "decimals": 0 +} diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja new file mode 100644 index 000000000..c6b4bb2c2 --- /dev/null +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja 
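Review bot: All four queries in management_interface_drops_graph.json.jinja filter with `host =~ /$servername/ AND interface =~ /$manint/`, which are unanchored regular expressions. Selecting one host or interface therefore also returns series for any other whose name contains that value. The `/veth/` series override that hides such series may be a workaround for exactly that. cpu_usage_tasks_graph.json.jinja anchors the same variable, so suggest `host =~ /^$servername$/ AND interface =~ /^$manint$/` here. The same applies to the four queries in management_interface_packets_graph.json.jinja and to the queries visible so far in monitor_interface_drops_graph.json.jinja (with `$monint`).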
@@ -0,0 +1,259 @@ +{ + "type": "graph", + "title": "Management Interface Packets", + "gridPos": { + "x": {{ PANELS.management_interface_packets_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_packets_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_packets_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_packets_graph.gridPos.h }} + }, + "id": 61875, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "C", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] 
+ } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col", + "hide": false + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "Packets per second", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "pps", + "$$hashKey": "object:241" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:242" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": 
false, + "total": false, + "avg": false + }, + "nullPointMode": "null", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:413", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + }, + { + "$$hashKey": "object:442", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja new file mode 100644 index 000000000..1830fad2f --- /dev/null +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja 
@@ -0,0 +1,261 @@ +{ + "type": "graph", + "title": "Monitor Interface Drops", + "gridPos": { + "x": {{ PANELS.monitor_interface_drops_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_drops_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_drops_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_drops_graph.gridPos.h }} + }, + "id": 61387, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "C", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], 
+ "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col", + "hide": false + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "Drops per second", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "pps", + "$$hashKey": "object:500" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:501" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": 
true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "null", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:592", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + }, + { + "$$hashKey": "object:621", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "decimals": 0 +} diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja new file mode 100644 index 000000000..5fe51a912 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja 
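Review bot: All four raw queries in monitor_interface_drops_graph.json.jinja filter with unanchored regexes, `host =~ /$servername/ AND interface =~ /$monint/`, so the selected sensor or interface also matches any host or interface whose name merely contains it; the `/veth/` series override further down looks like a cosmetic workaround for exactly that. On a drop-rate panel this puts other sensors' series next to the selected one and makes it harder to tell which sensor is actually losing packets. Anchor both sides, as the cpu_usage_tasks_graph query already does for the host: `WHERE host =~ /^$servername$/ AND interface =~ /^$monint$/`. The same applies to monitor_interface_packets_graph.json.jinja, and the disk_usage_nsm_graph and disk_usage_root_graph queries anchor only the end (`/$servername$/`). How `$servername` and `$monint` are defined is not visible here, so confirm the anchored form still behaves as intended for multi-value selections.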
@@ -0,0 +1,259 @@ +{ + "type": "graph", + "title": "Monitor Interface Packets", + "gridPos": { + "x": {{ PANELS.monitor_interface_packets_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_packets_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_packets_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_packets_graph.gridPos.h }} + }, + "id": 61878, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "B", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + }, + { + "refId": "C", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + 
"select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col", + "hide": false + }, + { + "refId": "D", + "hide": false, + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "alias": "$tag_host: $tag_interface: $col" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "Packets per second", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "pps", + "$$hashKey": "object:241" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:242" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + 
"total": false, + "avg": false + }, + "nullPointMode": "null", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:413", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + }, + { + "$$hashKey": "object:442", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} From b4111a9f797f8fcd941e43fed8af08f5dd7e659e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:38:16 -0400 Subject: [PATCH 080/266] fix network cords --- salt/grafana/defaults.yaml | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index c694a24d2..867e408b6 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -174,10 +174,34 @@ grafana: x: 0 y: 30 h: 6 - w: 12 - monitor_traffic_graph: + w: 24 + management_interface_packets_graph: gridPos: - x: 12 - y: 30 + x: 0 + y: 36 h: 6 w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 36 + h: 6 + w: 24 + monitor_traffic_graph: + gridPos: + x: 0 + y: 42 + h: 6 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 48 + h: 6 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 48 + h: 6 + w: 24 From 2d9697cd66c09f9cd37e661f04e0358a09b0891d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:40:31 -0400 Subject: [PATCH 081/266] fix network cords --- salt/grafana/defaults.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 867e408b6..964d13673 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
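Review bot: The queries in monitor_interface_packets_graph.json.jinja group with `GROUP BY time($interval), *`, while the alias is built only from `$tag_host: $tag_interface: $col`; if the `net` measurement carries any tag besides host and interface, this returns several series with identical legend names that cannot be told apart. The drops panel added in the same commit names its tags explicitly, so replace `*` with `host,interface` in all four targets here. Targets A and C also still carry `"queryType": "randomWalk"`, which B and D do not; it looks like an export leftover and can be dropped along with the `$$hashKey` entries.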
@@ -183,7 +183,7 @@ grafana: w: 12 management_interface_drops_graph: gridPos: - x: 12 + x: 13 y: 36 h: 6 w: 24 @@ -201,7 +201,7 @@ grafana: w: 12 monitor_interface_drops_graph: gridPos: - x: 12 + x: 13 y: 48 h: 6 w: 24 From ca2989c0e5e7e8bb9bb6bcaa3ed4bf042e43664c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:42:01 -0400 Subject: [PATCH 082/266] fix network cords --- salt/grafana/defaults.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 964d13673..4cfbbc3bc 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -183,10 +183,10 @@ grafana: w: 12 management_interface_drops_graph: gridPos: - x: 13 + x: 12 y: 36 h: 6 - w: 24 + w: 12 monitor_traffic_graph: gridPos: x: 0 @@ -201,7 +201,7 @@ grafana: w: 12 monitor_interface_drops_graph: gridPos: - x: 13 + x: 12 y: 48 h: 6 - w: 24 + w: 12 From 902f04efb4da402d8aace622d63ff308b79fc994 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:44:14 -0400 Subject: [PATCH 083/266] set 0 as min --- salt/grafana/panels/management_interface_drops_graph.json.jinja | 2 +- .../panels/management_interface_packets_graph.json.jinja | 2 +- salt/grafana/panels/monitor_interface_drops_graph.json.jinja | 2 +- salt/grafana/panels/monitor_interface_packets_graph.json.jinja | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja index c315467b9..a7abdac25 100644 --- a/salt/grafana/panels/management_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja @@ -182,7 +182,7 @@ "label": "Drops per second", "show": true, "logBase": 1, - "min": null, + "min": 0, "max": null, "format": "pps", "$$hashKey": "object:500" 
diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja index c6b4bb2c2..dce90f6a2 100644 --- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -182,7 +182,7 @@ "label": "Packets per second", "show": true, "logBase": 1, - "min": null, + "min": 0, "max": null, "format": "pps", "$$hashKey": "object:241" diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja index 1830fad2f..3c6035889 100644 --- a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja @@ -182,7 +182,7 @@ "label": "Drops per second", "show": true, "logBase": 1, - "min": null, + "min": 0, "max": null, "format": "pps", "$$hashKey": "object:500" diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja index 5fe51a912..c02bf4fe9 100644 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja @@ -182,7 +182,7 @@ "label": "Packets per second", "show": true, "logBase": 1, - "min": null, + "min": 0, "max": null, "format": "pps", "$$hashKey": "object:241" From 294f91473c9e13e38571697f3a13c65b54806cdc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 11:49:24 -0400 Subject: [PATCH 084/266] fix packets legend --- .../panels/management_interface_packets_graph.json.jinja | 9 +++++---- .../panels/monitor_interface_packets_graph.json.jinja | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja index dce90f6a2..1c5305c9d 100644 
--- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -216,12 +216,13 @@ "pointradius": 2, "legend": { "show": true, - "values": false, + "values": true, "min": false, - "max": false, - "current": false, + "max": true, + "current": true, "total": false, - "avg": false + "avg": true, + "alignAsTable": true }, "nullPointMode": "null", "tooltip": { diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja index c02bf4fe9..14a93f16c 100644 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja @@ -216,12 +216,13 @@ "pointradius": 2, "legend": { "show": true, - "values": false, + "values": true, "min": false, - "max": false, - "current": false, + "max": true, + "current": true, "total": false, - "avg": false + "avg": true, + "alignAsTable": true }, "nullPointMode": "null", "tooltip": { From b6deacf86db14215a50d162a55d404b4fdb2def3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 13:11:48 -0400 Subject: [PATCH 085/266] cords --- salt/grafana/defaults.yaml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 4cfbbc3bc..5b1d5a0d2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -135,73 +135,73 @@ grafana: gridPos: x: 0 y: 10 - h: 6 + h: 8 w: 24 load_averages_graph: gridPos: x: 0 - y: 16 - h: 6 + y: 18 + h: 8 w: 12 process_status_graph: gridPos: x: 12 - y: 16 - h: 6 + y: 26 + h: 8 w: 12 row_memory: gridPos: x: 0 - y: 22 + y: 34 h: 1 w: 24 memory_usage_graph: gridPos: x: 0 - y: 23 - h: 6 + y: 25 + h: 8 w: 24 row_network: gridPos: x: 0 - y: 29 + y: 33 h: 1 w: 24 management_traffic_graph: gridPos: x: 0 - y: 30 - h: 6 + y: 34 + h: 8 w: 24 management_interface_packets_graph: gridPos: x: 0 - y: 36 + y: 42 h: 6 w: 12 management_interface_drops_graph: gridPos: x: 12 - y: 36 + y: 42 h: 6 w: 12 monitor_traffic_graph: gridPos: x: 0 - y: 42 - h: 6 + y: 48 + h: 8 w: 24 monitor_interface_packets_graph: gridPos: x: 0 - y: 48 + y: 56 h: 6 w: 12 monitor_interface_drops_graph: gridPos: x: 12 - y: 48 + y: 56 h: 6 w: 12 From 1c868f85c471f5abdc55ff9a32510182830405dc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 13:25:17 -0400 Subject: [PATCH 086/266] fix cords; --- salt/grafana/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 5b1d5a0d2..8d88bebe3 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -146,7 +146,7 @@ grafana: process_status_graph: gridPos: x: 12 - y: 26 + y: 18 h: 8 w: 12 From 275a491cac3cac2268ba9d7efbd1717dcd519362 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 13:44:47 -0400 Subject: [PATCH 087/266] cords --- salt/grafana/defaults.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 8d88bebe3..ec57e99e1 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -153,55 +153,55 @@ grafana: row_memory: gridPos: x: 0 - y: 34 + y: 26 h: 1 w: 24 memory_usage_graph: gridPos: x: 0 - y: 25 + y: 27 h: 8 w: 24 row_network: gridPos: x: 0 - y: 33 + y: 35 h: 1 w: 24 management_traffic_graph: gridPos: x: 0 - y: 34 + y: 36 h: 8 w: 24 management_interface_packets_graph: gridPos: x: 0 - y: 42 + y: 44 h: 6 w: 12 management_interface_drops_graph: gridPos: x: 12 - y: 42 + y: 44 h: 6 w: 12 monitor_traffic_graph: gridPos: x: 0 - y: 48 + y: 50 h: 8 w: 24 monitor_interface_packets_graph: gridPos: x: 0 - y: 56 + y: 58 h: 6 w: 12 monitor_interface_drops_graph: gridPos: x: 12 - y: 56 + y: 58 h: 6 w: 12 From 98ce77c2b1b12a56ac43ff9df42149db0c042b6d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 14:28:25 -0400 Subject: [PATCH 088/266] add disk usage graphs --- salt/grafana/defaults.yaml | 33 +++- .../panels/disk_usage_nsm_graph.json.jinja | 184 ++++++++++++++++++ .../panels/disk_usage_root_graph.json.jinja | 184 ++++++++++++++++++ salt/grafana/panels/row_disk.json.jinja | 15 ++ 4 files changed, 409 insertions(+), 7 deletions(-) create mode 100644 salt/grafana/panels/disk_usage_nsm_graph.json.jinja create mode 100644 salt/grafana/panels/disk_usage_root_graph.json.jinja create mode 100644 salt/grafana/panels/row_disk.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index ec57e99e1..59d3f9444 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -179,29 +179,48 @@ grafana: gridPos: x: 0 y: 44 - h: 6 + h: 8 w: 12 management_interface_drops_graph: gridPos: x: 12 y: 44 - h: 6 + h: 8 w: 12 monitor_traffic_graph: gridPos: x: 0 - y: 50 + y: 52 h: 8 w: 24 monitor_interface_packets_graph: gridPos: x: 0 - y: 58 - h: 6 + y: 60 + h: 8 w: 12 monitor_interface_drops_graph: gridPos: x: 12 - y: 58 - h: 6 + y: 60 + h: 8 + w: 12 + + row_disk: + gridPos: + x: 0 + y: 68 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 69 + h: 8 w: 12 diff --git a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja new file mode 100644 index 000000000..2d9522d4f --- /dev/null +++ b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja 
@@ -0,0 +1,184 @@ +{ + "type": "graph", + "title": "Disk Usage /nsm", + "gridPos": { + "x": {{ PANELS.disk_usage_nsm_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_nsm_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_nsm_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_nsm_graph.gridPos.h }} + }, + "id": 68888, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "alias": "$tag_host: mountpoint $tag_path - $col" + }, + { + "refId": "B", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "alias": "$tag_host: mountpoint $tag_path - $col", + "hide": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + 
"min": "0", + "max": null, + "format": "bytes", + "$$hashKey": "object:235" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:236" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:486", + "alias": "/total/", + "fill": 0, + "linewidth": 2, + "color": "#C4162A", + "zindex": 3 + }, + { + "$$hashKey": "object:829", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "steppedLine": true, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false +} diff --git a/salt/grafana/panels/disk_usage_root_graph.json.jinja b/salt/grafana/panels/disk_usage_root_graph.json.jinja new file mode 100644 index 000000000..82c56cb5c --- /dev/null +++ b/salt/grafana/panels/disk_usage_root_graph.json.jinja 
@@ -0,0 +1,184 @@ +{ + "type": "graph", + "title": "Disk Usage /", + "gridPos": { + "x": {{ PANELS.disk_usage_root_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_root_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_root_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_root_graph.gridPos.h }} + }, + "id": 61880, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "alias": "$tag_host: mountpoint $tag_path - $col" + }, + { + "refId": "B", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "rawQuery": true, + "alias": "$tag_host: mountpoint $tag_path - $col", + "hide": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": 
"0", + "max": null, + "format": "bytes", + "$$hashKey": "object:235" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:236" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:486", + "alias": "/total/", + "fill": 0, + "linewidth": 2, + "color": "#C4162A", + "zindex": 3 + }, + { + "$$hashKey": "object:829", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "steppedLine": true, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false +} diff --git a/salt/grafana/panels/row_disk.json.jinja b/salt/grafana/panels/row_disk.json.jinja new file mode 100644 index 000000000..3f6270ed9 --- /dev/null +++ b/salt/grafana/panels/row_disk.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_disk.gridPos.x }}, + "y": {{ PANELS.row_disk.gridPos.y }}, + "w": {{ PANELS.row_disk.gridPos.w }}, + "h": {{ PANELS.row_disk.gridPos.h }} + }, + "id": 333, + "panels": [], + "repeat": null, + "title": "Disk", + "type": "row" + } From be13f0a06662bd35fc87c42782ae3d7ed99dd08c Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 14 Jul 2021 14:31:25 -0400 Subject: [PATCH 089/266] change id --- salt/grafana/panels/row_disk.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/row_disk.json.jinja b/salt/grafana/panels/row_disk.json.jinja index 3f6270ed9..881b6747f 100644 --- a/salt/grafana/panels/row_disk.json.jinja +++ b/salt/grafana/panels/row_disk.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.row_disk.gridPos.w }}, "h": {{ PANELS.row_disk.gridPos.h }} }, - "id": 333, + "id": 3333, "panels": [], "repeat": null, "title": "Disk", From a44a7b71619872441cdeb6bd4854064059e27006 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 14:45:17 -0400 Subject: [PATCH 090/266] change title --- salt/grafana/panels/management_traffic_graph.json.jinja | 2 +- salt/grafana/panels/monitor_traffic_graph.json.jinja | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/panels/management_traffic_graph.json.jinja b/salt/grafana/panels/management_traffic_graph.json.jinja index e5f803329..f784b6347 100644 --- a/salt/grafana/panels/management_traffic_graph.json.jinja +++ b/salt/grafana/panels/management_traffic_graph.json.jinja @@ -316,7 +316,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Management Traffic - $manint", + "title": "Management Interface Traffic - $manint", "tooltip": { "msResolution": true, "shared": true, diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_traffic_graph.json.jinja index 15290b83f..f74eb83a0 100644 --- a/salt/grafana/panels/monitor_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_traffic_graph.json.jinja @@ -191,7 +191,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Monitor Traffic - $monint", + "title": "Monitor Interface Traffic - $monint", "tooltip": { "msResolution": true, "shared": true, From 4acebe7f5936efaa029c68b81d2709f4b9d7e7ac Mon Sep 17 00:00:00 2001 
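Review bot: The row_disk.json.jinja change swaps one hand-picked literal for another, `"id": 333` to `"id": 3333`, and nothing in the template keeps it distinct from the other hard-coded panel ids in this series (61387, 61878, 68888, 61880). The commit message does not say why the value changed; if it was a collision, the next added panel can hit the same problem, and how duplicate ids behave when the panels are assembled into a dashboard is not visible here. Consider sourcing the id from the same defaults that already drive `gridPos`, for example `"id": {{ PANELS.row_disk.id }}` with a matching `id` key under `row_disk` in defaults.yaml (a proposed key, it does not exist yet), so uniqueness can be checked in one file.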
From: m0duspwnens Date: Wed, 14 Jul 2021 14:47:02 -0400 Subject: [PATCH 091/266] replace $interval with $__interval --- salt/grafana/panels/cpu_usage_guage.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_graph.json.jinja | 4 ++-- salt/grafana/panels/disk_usage_nsm_graph.json.jinja | 4 ++-- salt/grafana/panels/disk_usage_root_graph.json.jinja | 4 ++-- .../panels/load_average_5_minute_singlestat.json.jinja | 2 +- salt/grafana/panels/load_averages_graph.json.jinja | 4 ++-- .../panels/management_interface_drops_graph.json.jinja | 8 ++++---- .../panels/management_interface_packets_graph.json.jinja | 8 ++++---- salt/grafana/panels/memory_usage_graph.json.jinja | 4 ++-- .../panels/monitor_interface_drops_graph.json.jinja | 8 ++++---- .../panels/monitor_interface_packets_graph.json.jinja | 8 ++++---- salt/grafana/panels/monitor_traffic_singlestat.json.jinja | 2 +- salt/grafana/panels/nsm_used_guage.json.jinja | 2 +- .../grafana/panels/pcap_packet_loss_singlestat.json.jinja | 2 +- salt/grafana/panels/pcap_retention_singlestat.json.jinja | 2 +- salt/grafana/panels/process_status_graph.json.jinja | 8 ++++---- salt/grafana/panels/ram_usage_guage.json.jinja | 2 +- salt/grafana/panels/rootfs_used_guage.json.jinja | 2 +- .../panels/suricata_packet_loss_singlestat.json.jinja | 2 +- salt/grafana/panels/swap_usage_guage.json.jinja | 2 +- .../grafana/panels/zeek_packet_loss_singlestat.json.jinja | 2 +- 21 files changed, 41 insertions(+), 41 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_guage.json.jinja b/salt/grafana/panels/cpu_usage_guage.json.jinja index e6b691be8..4a28c315c 100644 --- a/salt/grafana/panels/cpu_usage_guage.json.jinja +++ b/salt/grafana/panels/cpu_usage_guage.json.jinja @@ -66,7 +66,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja index f12d163c5..f0cf6f13b 100644 
--- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja @@ -65,7 +65,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), *", "queryType": "randomWalk", "rawQuery": true, "refId": "A", 
@@ -104,7 +104,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(mean_usage_user) as \"trend_user\", mean(mean_usage_system) as \"trend_system\", mean(mean_usage_softirq) as \"trend_softirq\", mean(mean_usage_steal) as \"trend_steal\", mean(mean_usage_nice) as \"trend_nice\", mean(mean_usage_irq) as \"trend_irq\", mean(mean_usage_iowait) as \"trend_iowait\", mean(mean_usage_guest) as \"trend_guest\", mean(mean_usage_guest_nice) as \"trend_guest_nice\" FROM \"so_long_term\".\"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "query": "SELECT mean(mean_usage_user) as \"trend_user\", mean(mean_usage_system) as \"trend_system\", mean(mean_usage_softirq) as \"trend_softirq\", mean(mean_usage_steal) as \"trend_steal\", mean(mean_usage_nice) as \"trend_nice\", mean(mean_usage_irq) as \"trend_irq\", mean(mean_usage_iowait) as \"trend_iowait\", mean(mean_usage_guest) as \"trend_guest\", mean(mean_usage_guest_nice) as \"trend_guest_nice\" FROM \"so_long_term\".\"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), *", "queryType": "randomWalk", "rawQuery": true, "refId": "B", diff --git a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja index 2d9522d4f..b02559d1c 100644 --- a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", "rawQuery": true, "alias": "$tag_host: mountpoint $tag_path - $col" }, 
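Review bot: The host filter in the disk_usage_nsm_graph query is `/$servername$/`, anchored only at the end, while cpu_usage_tasks_graph in this same commit uses `/^$servername$/` and the management/monitor interface drops and packets panels use `/$servername/` with no anchor at all. Assuming `$servername` holds a host name or an alternation of names, a partial match means that selecting one sensor also pulls in every host whose name contains or ends with that string, so a panel can silently mix series from several machines. I would use one form everywhere, `"host" =~ /^$servername$/`, and likewise `interface =~ /^$manint$/` and `interface =~ /^$monint$/`. The same applies to the disk_usage_root_graph, load_averages_graph, memory_usage_graph and process_status_graph queries touched here. The enclosing target object starts and ends outside the hunk.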
@@ -83,7 +83,7 @@ } ] ], - "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", "rawQuery": true, "alias": "$tag_host: mountpoint $tag_path - $col", "hide": false diff --git a/salt/grafana/panels/disk_usage_root_graph.json.jinja b/salt/grafana/panels/disk_usage_root_graph.json.jinja index 82c56cb5c..e3f4e5843 100644 --- a/salt/grafana/panels/disk_usage_root_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_root_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", "rawQuery": true, "alias": "$tag_host: mountpoint $tag_path - $col" }, @@ -83,7 +83,7 @@ } ] ], - "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($interval), \"host\", \"path\"", + "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", "rawQuery": true, "alias": "$tag_host: mountpoint $tag_path - $col", "hide": false 
diff --git a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja index 97559c163..1b8f9ae80 100644 --- a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja +++ b/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja @@ -51,7 +51,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index c137e8abe..38358ba40 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -62,7 +62,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(load1) as \"1 minute\", mean(load5) as \"5 minutes\", mean(load15) as \"15 minutes\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "query": "SELECT mean(load1) as \"1 minute\", mean(load5) as \"5 minutes\", mean(load15) as \"15 minutes\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * ORDER BY asc", "queryType": "randomWalk", "rawQuery": true, "refId": "A", @@ -101,7 +101,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(mean_load1) as \"trend_1 minute\", mean(mean_load5) as \"trend_5 minutes\", mean(mean_load15) as \"trend_15 minutes\" FROM \"so_long_term\".\"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "query": "SELECT mean(mean_load1) as \"trend_1 minute\", mean(mean_load5) as \"trend_5 minutes\", mean(mean_load15) as \"trend_15 minutes\" FROM \"so_long_term\".\"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * ORDER BY asc", "queryType": "randomWalk", "rawQuery": true, "refId": "B", 
diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja index a7abdac25..61497d07c 100644 --- a/salt/grafana/panels/management_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -83,7 +83,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -122,7 +122,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col", "hide": false 
@@ -162,7 +162,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" } diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja index 1c5305c9d..b5260aa3f 100644 --- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -83,7 +83,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, 
@@ -122,7 +122,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col", "hide": false @@ -162,7 +162,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" } diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja index 6d17db7e8..945796153 100644 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_graph.json.jinja @@ -69,7 +69,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", "queryType": "randomWalk", "rawQuery": true, "refId": "A", 
@@ -108,7 +108,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trean_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trean_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", "queryType": "randomWalk", "rawQuery": true, "refId": "B", diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja index 3c6035889..8db8092da 100644 --- a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, 
@@ -83,7 +83,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -122,7 +122,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col", "hide": false @@ -162,7 +162,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), host,interface fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" } diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja index 14a93f16c..012e1edc0 100644 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja 
@@ -44,7 +44,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -83,7 +83,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" }, @@ -122,7 +122,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col", "hide": false 
@@ -162,7 +162,7 @@ } ] ], - "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", "rawQuery": true, "alias": "$tag_host: $tag_interface: $col" } diff --git a/salt/grafana/panels/monitor_traffic_singlestat.json.jinja b/salt/grafana/panels/monitor_traffic_singlestat.json.jinja index 8a7985a59..704095b7d 100644 --- a/salt/grafana/panels/monitor_traffic_singlestat.json.jinja +++ b/salt/grafana/panels/monitor_traffic_singlestat.json.jinja @@ -61,7 +61,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja index f939b67d6..d22a1b962 100644 --- a/salt/grafana/panels/nsm_used_guage.json.jinja +++ b/salt/grafana/panels/nsm_used_guage.json.jinja @@ -58,7 +58,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja index 94f4b883f..8b1ada6c8 100644 --- a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja @@ -67,7 +67,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja index 0bb908d76..1d8a1ef89 100644 --- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ b/salt/grafana/panels/pcap_retention_singlestat.json.jinja 
@@ -59,7 +59,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja index b4ca1ff66..19b10bde5 100644 --- a/salt/grafana/panels/process_status_graph.json.jinja +++ b/salt/grafana/panels/process_status_graph.json.jinja @@ -59,7 +59,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, @@ -72,7 +72,7 @@ ], "measurement": "processes", "policy": "default", - "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", "rawQuery": true, "refId": "B", "resultFormat": "time_series", @@ -105,7 +105,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, 
@@ -118,7 +118,7 @@ ], "measurement": "processes", "policy": "default", - "query": "SELECT mean(mean_running) as trend_running, mean(mean_blocked) as trend_blocked, mean(mean_sleeping) as trend_sleeping, mean(mean_stopped) as trend_stopped, mean(mean_zombies) as trend_zombies, mean(mean_paging) as trend_paging, mean(mean_unknown) as trend_unknown FROM \"so_long_term\".\"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "query": "SELECT mean(mean_running) as trend_running, mean(mean_blocked) as trend_blocked, mean(mean_sleeping) as trend_sleeping, mean(mean_stopped) as trend_stopped, mean(mean_zombies) as trend_zombies, mean(mean_paging) as trend_paging, mean(mean_unknown) as trend_unknown FROM \"so_long_term\".\"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", "rawQuery": true, "refId": "A", "resultFormat": "time_series", diff --git a/salt/grafana/panels/ram_usage_guage.json.jinja b/salt/grafana/panels/ram_usage_guage.json.jinja index c1d05ab5a..1a1bf04a1 100644 --- a/salt/grafana/panels/ram_usage_guage.json.jinja +++ b/salt/grafana/panels/ram_usage_guage.json.jinja @@ -66,7 +66,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/rootfs_used_guage.json.jinja b/salt/grafana/panels/rootfs_used_guage.json.jinja index 25968299c..d67e80e4a 100644 --- a/salt/grafana/panels/rootfs_used_guage.json.jinja +++ b/salt/grafana/panels/rootfs_used_guage.json.jinja @@ -58,7 +58,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja index 549899008..fa68557e4 100644 --- a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja 
@@ -67,7 +67,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/swap_usage_guage.json.jinja b/salt/grafana/panels/swap_usage_guage.json.jinja index 6667a3445..895dd03f4 100644 --- a/salt/grafana/panels/swap_usage_guage.json.jinja +++ b/salt/grafana/panels/swap_usage_guage.json.jinja @@ -67,7 +67,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja index cbea2b6f2..095a15b3e 100644 --- a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja @@ -67,7 +67,7 @@ "groupBy": [ { "params": [ - "$interval" + "$__interval" ], "type": "time" }, From 59530f4263d9fbae1df925de6f9eba1d9e0384c9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 14:54:48 -0400 Subject: [PATCH 092/266] cahnge nullPointMode --- salt/grafana/panels/management_interface_drops_graph.json.jinja | 2 +- .../panels/management_interface_packets_graph.json.jinja | 2 +- salt/grafana/panels/monitor_interface_drops_graph.json.jinja | 2 +- salt/grafana/panels/monitor_interface_packets_graph.json.jinja | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja index 61497d07c..22eba5e83 100644 --- a/salt/grafana/panels/management_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja @@ -224,7 +224,7 @@ "avg": true, "alignAsTable": true }, - "nullPointMode": "null", + "nullPointMode": "connected", "tooltip": { "value_type": "individual", "shared": true, 
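Review bot: In management_interface_drops_graph, `"nullPointMode": "connected"` makes the panel draw a straight line across buckets that carry no value, so a period in which the sensor reported nothing looks the same as steady traffic or steady drops. On the interface drops and packets graphs that gap is how a stalled collector or an offline sensor becomes visible, and it is worth keeping. If the intent was only to join the sparse long-term trend series, I would leave the panel at `"nullPointMode": "null"` and set the mode in a series override on the trend alias instead; the overrides of these four panels are not visible in the hunks, so that needs checking. The same change is made in management_interface_packets_graph, monitor_interface_drops_graph and monitor_interface_packets_graph. The panel object starts and ends outside the hunk.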
diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja index b5260aa3f..e2911de7d 100644 --- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -224,7 +224,7 @@ "avg": true, "alignAsTable": true }, - "nullPointMode": "null", + "nullPointMode": "connected", "tooltip": { "value_type": "individual", "shared": true, diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja index 8db8092da..6b961eb8d 100644 --- a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja @@ -224,7 +224,7 @@ "avg": true, "alignAsTable": true }, - "nullPointMode": "null", + "nullPointMode": "connected", "tooltip": { "value_type": "individual", "shared": true, diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja index 012e1edc0..7a8062a17 100644 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja @@ -224,7 +224,7 @@ "avg": true, "alignAsTable": true }, - "nullPointMode": "null", + "nullPointMode": "connected", "tooltip": { "value_type": "individual", "shared": true, From 693a9b30ae500569e04bdd69cbb76dbb3b8c4d40 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 14 Jul 2021 15:33:28 -0400 Subject: [PATCH 093/266] add swap, adjust cords --- salt/grafana/defaults.yaml | 40 +++- .../panels/memory_usage_graph.json.jinja | 2 +- salt/grafana/panels/row_swap.json.jinja | 15 ++ .../panels/swap_io_bytes_graph.json.jinja | 178 +++++++++++++++++ .../panels/swap_usage_bytes.json.jinja | 182 ++++++++++++++++++ 5 files changed, 406 insertions(+), 11 deletions(-) create mode 100644 salt/grafana/panels/row_swap.json.jinja create mode 100644 salt/grafana/panels/swap_io_bytes_graph.json.jinja create mode 100644 salt/grafana/panels/swap_usage_bytes.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 59d3f9444..3e1c88e74 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -163,64 +163,84 @@ grafana: h: 8 w: 24 - row_network: + row_swap: gridPos: x: 0 y: 35 h: 1 w: 24 - management_traffic_graph: + swap_io_bytes_graph: gridPos: x: 0 y: 36 h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 w: 24 management_interface_packets_graph: gridPos: x: 0 - y: 44 + y: 53 h: 8 w: 12 management_interface_drops_graph: gridPos: x: 12 - y: 44 + y: 53 h: 8 w: 12 monitor_traffic_graph: gridPos: x: 0 - y: 52 + y: 61 h: 8 w: 24 monitor_interface_packets_graph: gridPos: x: 0 - y: 60 + y: 69 h: 8 w: 12 monitor_interface_drops_graph: gridPos: x: 12 - y: 60 + y: 69 h: 8 w: 12 row_disk: gridPos: x: 0 - y: 68 + y: 77 h: 1 w: 24 disk_usage_root_graph: gridPos: x: 0 - y: 69 + y: 78 h: 8 w: 12 disk_usage_nsm_graph: gridPos: x: 12 - y: 69 + y: 78 h: 8 w: 12 diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja index 945796153..040ad017b 100644 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_graph.json.jinja 
@@ -108,7 +108,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trean_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trend_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", "queryType": "randomWalk", "rawQuery": true, "refId": "B", diff --git a/salt/grafana/panels/row_swap.json.jinja b/salt/grafana/panels/row_swap.json.jinja new file mode 100644 index 000000000..518dfda25 --- /dev/null +++ b/salt/grafana/panels/row_swap.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_swap.gridPos.x }}, + "y": {{ PANELS.row_swap.gridPos.y }}, + "w": {{ PANELS.row_swap.gridPos.w }}, + "h": {{ PANELS.row_swap.gridPos.h }} + }, + "id": 444, + "panels": [], + "repeat": null, + "title": "Memory", + "type": "row" + } diff --git a/salt/grafana/panels/swap_io_bytes_graph.json.jinja b/salt/grafana/panels/swap_io_bytes_graph.json.jinja new file mode 100644 index 000000000..55aa504ed --- /dev/null +++ b/salt/grafana/panels/swap_io_bytes_graph.json.jinja 
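Review bot: The new row in row_swap.json.jinja is titled `"title": "Memory"` although it is positioned through `PANELS.row_swap` and sits directly above the two swap graphs; this looks like a leftover from the row it was copied from and would presumably give the dashboard two rows with the same heading. I would change it to `"title": "Swap"`. The hard-coded `"id": 444` should also be checked for uniqueness against the other row panels, whose ids are not visible in this patch.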
@@ -0,0 +1,178 @@ +{ + "type": "graph", + "title": "Swap I/O Bytes", + "gridPos": { + "x": {{ PANELS.swap_io_bytes_graph.gridPos.x }}, + "y": {{ PANELS.swap_io_bytes_graph.gridPos.y }}, + "w": {{ PANELS.swap_io_bytes_graph.gridPos.w }}, + "h": {{ PANELS.swap_io_bytes_graph.gridPos.h }} + }, + "id": 68890, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(\"in\")) as \"in\", non_negative_derivative(mean(\"out\")) as \"out\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col" + }, + { + "refId": "B", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT non_negative_derivative(mean(\"mean_in\")) as \"trend_in\", non_negative_derivative(mean(\"mean_out\")) as \"trend_out\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col", + "hide": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": 
null, + "max": null, + "format": "bytes", + "$$hashKey": "object:156" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:157" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:322", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/swap_usage_bytes.json.jinja b/salt/grafana/panels/swap_usage_bytes.json.jinja new file mode 100644 index 000000000..528d53d9b --- /dev/null +++ b/salt/grafana/panels/swap_usage_bytes.json.jinja 
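Review bot: Both queries in swap_io_bytes_graph call `non_negative_derivative(mean("in"))` without a unit, while the interface panels in this series pass `, 1s`. In InfluxQL a derivative over an aggregate with no unit uses the GROUP BY time() interval, so with `time($__interval)` the plotted value is bytes per bucket and changes scale whenever the time range or panel width changes. I would write `non_negative_derivative(mean("in"), 1s) as "in", non_negative_derivative(mean("out"), 1s) as "out"` and the same for `mean_in` and `mean_out` in target B, then switch the left axis from `"format": "bytes"` to a bytes-per-second unit so the axis label matches the rate.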
@@ -0,0 +1,182 @@ +{ + "type": "graph", + "title": "Swap Usage - bytes", + "gridPos": { + "x": {{ PANELS.swap_usage_bytes_graph.gridPos.x }}, + "y": {{ PANELS.swap_usage_bytes_graph.gridPos.y }}, + "w": {{ PANELS.swap_usage_bytes_graph.gridPos.w }}, + "h": {{ PANELS.swap_usage_bytes_graph.gridPos.h }} + }, + "id": 68892, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(used) as \"used\", mean(total) as \"total\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col" + }, + { + "refId": "B", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(mean_used) as \"trend_used\", mean(mean_total) as \"trend_total\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host: $col", + "hide": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "bytes", + "$$hashKey": "object:515" + }, + { + 
"label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:516" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "total": false, + "avg": true, + "alignAsTable": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:575", + "alias": "/total/", + "fill": 0, + "color": "#C4162A" + }, + { + "$$hashKey": "object:596", + "alias": "/trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "thresholds": [], + "timeRegions": [], + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} From 49719332014e37a2891906d18421f8bad155310c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Jul 2021 15:34:39 -0400 Subject: [PATCH 094/266] rename file --- ...p_usage_bytes.json.jinja => swap_usage_bytes_graph.json.jinja} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/grafana/panels/{swap_usage_bytes.json.jinja => swap_usage_bytes_graph.json.jinja} (100%) diff --git a/salt/grafana/panels/swap_usage_bytes.json.jinja b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja similarity index 100% rename from salt/grafana/panels/swap_usage_bytes.json.jinja rename to salt/grafana/panels/swap_usage_bytes_graph.json.jinja From b0d510167c4ba91ef428aa2e245898bd24fc6c3e Mon Sep 17 00:00:00 2001 
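Review bot: The `"$$hashKey": "object:515"`-style keys under `yaxes` and `seriesOverrides`, and `"queryType": "randomWalk"` on both InfluxDB targets, look like editor state carried over from a UI export rather than panel settings. They add noise to later diffs of this template. The `select`/`groupBy` builder blocks (field `value`) also describe a different query from the raw `query` string, which is the one that runs because `rawQuery` is true. I would drop the `$$hashKey` and `queryType` lines and open the template with a Jinja comment such as `{# raw InfluxQL only; builder fields are unused #}`. The swap I/O panel earlier in this patch has the same leftovers.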
From: m0duspwnens
Date: Wed, 14 Jul 2021 15:36:26 -0400
Subject: [PATCH 095/266] change title
---
 salt/grafana/panels/row_swap.json.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/grafana/panels/row_swap.json.jinja b/salt/grafana/panels/row_swap.json.jinja
index 518dfda25..c465dcc6e 100644
--- a/salt/grafana/panels/row_swap.json.jinja
+++ b/salt/grafana/panels/row_swap.json.jinja
@@ -10,6 +10,6 @@
 "id": 444,
 "panels": [],
 "repeat": null,
- "title": "Memory",
+ "title": "Swap",
 "type": "row"
 }
From 0f0a977ed923776766bbc1cd129993817ade5ae7 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 14 Jul 2021 16:04:17 -0400
Subject: [PATCH 096/266] add disk var
---
 salt/grafana/templates/disk.json | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 salt/grafana/templates/disk.json
diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json
new file mode 100644
index 000000000..510eb2930
--- /dev/null
+++ b/salt/grafana/templates/disk.json
@@ -0,0 +1,28 @@
+{
+ "allValue": null,
+ "current": {
+ "selected": false,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": "$InfluxDB",
+ "definition": "",
+ "description": null,
+ "error": null,
+ "hide": 2,
+ "includeAll": true,
+ "label": "Disk",
+ "multi": true,
+ "name": "disk",
+ "options": [],
+ "query": "SHOW TAG VALUES ON telegraf FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$servername/",
+ "refresh": 1,
+ "regex": "[a-z]d[\\D]$|nvme[\\d]n[\\d]$",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": null,
+ "tags": [],
+ "tagsQuery": null,
+ "type": "query",
+ "useTags": false
+}
From fccd86f676ec7eae92629d74eff312e45c936e8d Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 14 Jul 2021 16:04:55 -0400
Subject: [PATCH 097/266] add disk var to standalone
---
 salt/grafana/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
index 3e1c88e74..7db52ea3c 100644
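Review bot: The variable `query` in the new `disk.json` filters with `host =~ /$servername/`, which is unanchored, while the panel queries in this series use `/$servername$/`. A selected host whose name is a substring of another host's name would pull that host's disks into the `disk` list as well. Anchoring both ends, `WHERE host =~ /^$servername$/`, keeps the list scoped to the selected sensor. The `regex` filter `[a-z]d[\\D]$|nvme[\\d]n[\\d]$` likewise has no start anchor and allows one digit on each side of `n`, so a name such as `nvme10n1` would presumably be dropped; worth confirming against the device names Telegraf actually reports.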
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml
@@ -33,6 +33,7 @@ grafana:
 - manint
 - monint
 - cpucount
+ - disk
 panels:
 row_overview:
 gridPos:
From 725161ea6ebeca50c9e4581642bf69ae73af60d9 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 14 Jul 2021 16:07:14 -0400
Subject: [PATCH 098/266] fix datasource
---
 salt/grafana/templates/disk.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json
index 510eb2930..473f52da4 100644
--- a/salt/grafana/templates/disk.json
+++ b/salt/grafana/templates/disk.json
@@ -5,7 +5,7 @@
 "text": "All",
 "value": "$__all"
 },
- "datasource": "$InfluxDB",
+ "datasource": "InfluxDB",
 "definition": "",
 "description": null,
 "error": null,
From 4ea3ab9538ce29a14e2142bdc251af796b8658dc Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 14 Jul 2021 17:58:49 -0400
Subject: [PATCH 099/266] add disk iops graphs
---
 salt/grafana/defaults.yaml | 27 ++-
 .../panels/disk_io_bytes_graph.json.jinja | 202 ++++++++++++++++++
 .../panels/disk_io_requests_graph.json.jinja | 202 ++++++++++++++++++
 salt/grafana/panels/disk_io_time.json.jinja | 202 ++++++++++++++++++
 salt/grafana/panels/row_disk.json.jinja | 15 --
 salt/grafana/panels/row_disk_iops.json.jinja | 22 ++
 salt/grafana/panels/row_disk_usage.json.jinja | 15 ++
 salt/grafana/templates/disk.json | 11 +
 8 files changed, 680 insertions(+), 16 deletions(-)
 create mode 100644 salt/grafana/panels/disk_io_bytes_graph.json.jinja
 create mode 100644 salt/grafana/panels/disk_io_requests_graph.json.jinja
 create mode 100644 salt/grafana/panels/disk_io_time.json.jinja
 delete mode 100644 salt/grafana/panels/row_disk.json.jinja
 create mode 100644 salt/grafana/panels/row_disk_iops.json.jinja
 create mode 100644 salt/grafana/panels/row_disk_usage.json.jinja
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
index 7db52ea3c..d7e4d9cd8 100644
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml @@ -227,7 +227,7 @@ grafana: h: 8 w: 12 - row_disk: + row_disk_usage: gridPos: x: 0 y: 77 @@ -245,3 +245,28 @@ grafana: y: 78 h: 8 w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja new file mode 100644 index 000000000..3a9ec9171 --- /dev/null +++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja 
@@ -0,0 +1,202 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "x": {{ PANELS.disk_io_bytes_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_bytes_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_bytes_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_bytes_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 60200, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [{ + "alias": "/.*write$/", + "transform": "negative-Y" + }], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [{ + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_bytes),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ 
+ [{ + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_bytes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [{ + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O bytes for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [{ + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja new file mode 100644 index 000000000..9fe96cb03 --- /dev/null +++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja 
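Review bot: Both targets in this new panel carry query-builder fields that disagree with the raw query that runs: `"measurement": "io_reads"` and a `groupBy` tag key of `path`, while the `query` string reads `diskio` and filters on `name`. Because `rawQuery` is true they are inert today, but switching a target back to the builder in the UI would silently produce a different query. The hard-coded `scopedVars` block (`sda`) next to `"repeat": null` looks like export residue as well. I would set `"measurement": "diskio"` and the tag key to `name`, or remove the builder fields; `disk_io_requests_graph.json.jinja` and `disk_io_time.json.jinja` in this commit repeat the same blocks.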
@@ -0,0 +1,202 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "x": {{ PANELS.disk_io_requests_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_requests_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_requests_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_requests_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 13782, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [{ + "alias": "/.*write$/", + "transform": "negative-Y" + }], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [{ + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(reads),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + 
"select": [ + [{ + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(writes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [{ + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O requests for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [{ + "format": "iops", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/disk_io_time.json.jinja b/salt/grafana/panels/disk_io_time.json.jinja new file mode 100644 index 000000000..fc7353302 --- /dev/null +++ b/salt/grafana/panels/disk_io_time.json.jinja 
@@ -0,0 +1,202 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "x": {{ PANELS.disk_io_time_graph.gridPos.x }}, + "y": {{ PANELS.disk_io_time_graph.gridPos.y }}, + "w": {{ PANELS.disk_io_time_graph.gridPos.w }}, + "h": {{ PANELS.disk_io_time_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 56720, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "maxPerRow": 6, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "seriesOverrides": [{ + "alias": "/.*write$/", + "transform": "negative-Y" + }], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [{ + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(read_time),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [{ 
+ "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_name: $col", + "dsType": "influxdb", + "function": "mean", + "groupBy": [{ + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "path", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "io_reads", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(write_time),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [{ + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O time for /dev/$disk", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [{ + "format": "ms", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/row_disk.json.jinja b/salt/grafana/panels/row_disk.json.jinja deleted file mode 100644 index 881b6747f..000000000 --- a/salt/grafana/panels/row_disk.json.jinja +++ /dev/null 
@@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_disk.gridPos.x }}, - "y": {{ PANELS.row_disk.gridPos.y }}, - "w": {{ PANELS.row_disk.gridPos.w }}, - "h": {{ PANELS.row_disk.gridPos.h }} - }, - "id": 3333, - "panels": [], - "repeat": null, - "title": "Disk", - "type": "row" - } diff --git a/salt/grafana/panels/row_disk_iops.json.jinja b/salt/grafana/panels/row_disk_iops.json.jinja new file mode 100644 index 000000000..1d9db6fd6 --- /dev/null +++ b/salt/grafana/panels/row_disk_iops.json.jinja @@ -0,0 +1,22 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_disk.gridPos.x }}, + "y": {{ PANELS.row_disk.gridPos.y }}, + "w": {{ PANELS.row_disk.gridPos.w }}, + "h": {{ PANELS.row_disk.gridPos.h }} + }, + "id": 62055, + "panels": [], + "repeat": "disk", + "scopedVars": { + "disk": { + "selected": false, + "text": "sda", + "value": "sda" + } + }, + "title": "Disk IOPS for /dev/$disk", + "type": "row" +} diff --git a/salt/grafana/panels/row_disk_usage.json.jinja b/salt/grafana/panels/row_disk_usage.json.jinja new file mode 100644 index 000000000..2cfac7cb4 --- /dev/null +++ b/salt/grafana/panels/row_disk_usage.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_disk_usage.gridPos.x }}, + "y": {{ PANELS.row_disk_usage.gridPos.y }}, + "w": {{ PANELS.row_disk_usage.gridPos.w }}, + "h": {{ PANELS.row_disk_usage.gridPos.h }} + }, + "id": 3333, + "panels": [], + "repeat": null, + "title": "Disk Usage", + "type": "row" + } diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json index 473f52da4..91b0e5b17 100644 --- a/salt/grafana/templates/disk.json +++ b/salt/grafana/templates/disk.json @@ -26,3 +26,14 @@ "type": "query", "useTags": false } + + + + + + + + + + + From d632266092c4d8b08397b2f3afad177dc464dba2 Mon Sep 17 00:00:00 2001 
From: m0duspwnens
Date: Wed, 14 Jul 2021 18:01:56 -0400
Subject: [PATCH 100/266] fix jinja
---
 salt/grafana/panels/row_disk_iops.json.jinja | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/salt/grafana/panels/row_disk_iops.json.jinja b/salt/grafana/panels/row_disk_iops.json.jinja
index 1d9db6fd6..f54494825 100644
--- a/salt/grafana/panels/row_disk_iops.json.jinja
+++ b/salt/grafana/panels/row_disk_iops.json.jinja
@@ -2,10 +2,10 @@
 "collapsed": false,
 "datasource": null,
 "gridPos": {
- "x": {{ PANELS.row_disk.gridPos.x }},
- "y": {{ PANELS.row_disk.gridPos.y }},
- "w": {{ PANELS.row_disk.gridPos.w }},
- "h": {{ PANELS.row_disk.gridPos.h }}
+ "x": {{ PANELS.row_disk_iops.gridPos.x }},
+ "y": {{ PANELS.row_disk_iops.gridPos.y }},
+ "w": {{ PANELS.row_disk_iops.gridPos.w }},
+ "h": {{ PANELS.row_disk_iops.gridPos.h }}
 },
 "id": 62055,
 "panels": [],
From 23fb6a5c02ebf675ca3b8818943f1859b2aaf66b Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 14 Jul 2021 18:04:33 -0400
Subject: [PATCH 101/266] rename
---
 .../{disk_io_time.json.jinja => disk_io_time_graph.json.jinja} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename salt/grafana/panels/{disk_io_time.json.jinja => disk_io_time_graph.json.jinja} (100%)
diff --git a/salt/grafana/panels/disk_io_time.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja
similarity index 100%
rename from salt/grafana/panels/disk_io_time.json.jinja
rename to salt/grafana/panels/disk_io_time_graph.json.jinja
From c1f550382ccba0e66e0315a32acfa57adc25a6ae Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 15 Jul 2021 08:31:42 -0400
Subject: [PATCH 102/266] remove interval var
---
 salt/grafana/panels/disk_io_bytes_graph.json.jinja | 1 -
 salt/grafana/panels/disk_io_requests_graph.json.jinja | 1 -
 salt/grafana/panels/disk_io_time_graph.json.jinja | 1 -
 3 files changed, 3 deletions(-)
diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja
index 3a9ec9171..cc87aadb9 100644
--- a/salt/grafana/panels/disk_io_bytes_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja
@@ -23,7 +23,6 @@
 },
 "hiddenSeries": false,
 "id": 60200,
- "interval": "$inter",
 "legend": {
 "alignAsTable": true,
 "avg": true,
diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja
index 9fe96cb03..c433de325 100644
--- a/salt/grafana/panels/disk_io_requests_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja
@@ -23,7 +23,6 @@
 },
 "hiddenSeries": false,
 "id": 13782,
- "interval": "$inter",
 "legend": {
 "alignAsTable": true,
 "avg": true,
diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja
index fc7353302..41f708fd0 100644
--- a/salt/grafana/panels/disk_io_time_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_time_graph.json.jinja
@@ -23,7 +23,6 @@
 },
 "hiddenSeries": false,
 "id": 56720,
- "interval": "$inter",
 "legend": {
 "alignAsTable": true,
 "avg": true,
From fbf26bef8dbf4fcb248e09e4ea7bb7694b444731 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 15 Jul 2021 08:42:53 -0400
Subject: [PATCH 103/266] test new groupby interval for trend on monitor packets
---
 .../grafana/panels/monitor_interface_packets_graph.json.jinja | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
index 7a8062a17..8bbe733dc 100644
--- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
+++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
@@ -122,7 +122,7 @@
 }
 ]
 ],
- "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)",
+ "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time(5m), * fill(none)",
 "rawQuery": true,
 "alias": "$tag_host: $tag_interface: $col",
 "hide": false
@@ -162,7 +162,7 @@
 }
 ]
 ],
- "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)",
+ "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time(5m), * fill(none)",
 "rawQuery": true,
 "alias": "$tag_host: $tag_interface: $col"
 }
From 439e0499488033a275a54e757e4394de0a10ad8a Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 15 Jul 2021 10:17:21 -0400
Subject: [PATCH 104/266] revert to $__interval
---
 .../grafana/panels/monitor_interface_packets_graph.json.jinja | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
index 8bbe733dc..7a8062a17 100644
--- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
+++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja
@@ -122,7 +122,7 @@
 }
 ]
 ],
- "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time(5m), * fill(none)",
+ "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)",
 "rawQuery": true,
 "alias": "$tag_host: $tag_interface: $col",
 "hide": false
@@ -162,7 +162,7 @@
 }
 ]
 ],
- "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time(5m), * fill(none)",
+ "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)",
 "rawQuery": true,
 "alias": "$tag_host: $tag_interface: $col"
 }
From 7dc1f5c445dcb1ea233df209d60f60dbf99a43a4 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 15 Jul 2021 11:25:20 -0400
Subject: [PATCH 105/266] add maxDataPoints and min interval to some panels for testing
---
 .../panels/cpu_docker_combined_current_graph.json.jinja | 4 +++-
 .../grafana/panels/cpu_docker_combined_trend_graph.json.jinja | 4 +++-
 salt/grafana/panels/cpu_usage_tasks_graph.json.jinja | 4 +++-
 salt/grafana/panels/disk_io_bytes_graph.json.jinja | 2 ++
 salt/grafana/panels/disk_io_requests_graph.json.jinja | 2 ++
 salt/grafana/panels/disk_io_time_graph.json.jinja | 2 ++
 salt/grafana/panels/disk_usage_nsm_graph.json.jinja | 4 +++-
 salt/grafana/panels/disk_usage_root_graph.json.jinja | 4 +++-
 salt/grafana/panels/load_averages_graph.json.jinja | 4 +++-
 .../panels/management_interface_drops_graph.json.jinja | 4 +++-
 .../panels/management_interface_packets_graph.json.jinja | 4 +++-
 salt/grafana/panels/management_traffic_graph.json.jinja | 2 ++
 salt/grafana/panels/memory_usage_graph.json.jinja | 4 +++-
 .../memory_used_docker_combined_current_graph.json.jinja | 4 +++-
 .../panels/memory_used_docker_combined_trend_graph.json.jinja | 4 +++-
 salt/grafana/panels/monitor_interface_drops_graph.json.jinja | 4 +++-
 .../grafana/panels/monitor_interface_packets_graph.json.jinja | 4 +++-
 salt/grafana/panels/monitor_traffic_graph.json.jinja | 2 ++
 18 files changed, 49 insertions(+), 13 deletions(-)
diff --git a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
index 72c6e928f..3df0bd9ad 100644
--- a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
@@ -151,5 +151,7 @@
 "percentage": false,
 "steppedLine": false,
 "timeFrom": null,
- "timeShift": null
+ "timeShift": null,
+ "maxDataPoints": 750,
+ "interval": "30s"
 }
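Review bot: The added `"maxDataPoints": 750` and `"interval": "30s"` are literals pasted into this template and, per the diffstat, 17 others in the same commit, so retuning the test values means touching every panel file. Other templates in this series already read per-panel values from `PANELS.<panel>.gridPos`, so the two settings could come from one shared default instead (key name to be chosen by the project). A 30s minimum interval also means each point on the interface-drops and packets panels aggregates at least 30 seconds of samples, which can flatten a short burst if those queries use `mean()`; the queries sit outside these hunks, so that is worth checking before the test values become permanent. The enclosing JSON object starts outside the hunk.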
diff --git a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
index c1ffd278b..f295bfe03 100644
--- a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja
@@ -152,5 +152,7 @@
 "steppedLine": false,
 "timeFrom": null,
 "timeShift": null,
- "description": ""
+ "description": "",
+ "maxDataPoints": 750,
+ "interval": "30s"
 }
diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
index f0cf6f13b..555ffc968 100644
--- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
@@ -177,5 +177,7 @@
 "stack": false,
 "steppedLine": false,
 "timeFrom": null,
- "timeShift": null
+ "timeShift": null,
+ "maxDataPoints": 750,
+ "interval": "30s"
 }
diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja
index cc87aadb9..e4133ac82 100644
--- a/salt/grafana/panels/disk_io_bytes_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja
@@ -1,5 +1,7 @@
 {
 "aliasColors": {},
+ "maxDataPoints": 750,
+ "interval": "30s",
 "bars": false,
 "dashLength": 10,
 "dashes": false,
diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja
index c433de325..b13cd7432 100644
--- a/salt/grafana/panels/disk_io_requests_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja
@@ -1,5 +1,7 @@
 {
 "aliasColors": {},
+ "maxDataPoints": 750,
+ "interval": "30s",
 "bars": false,
 "dashLength": 10,
 "dashes": false,
diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja
index 41f708fd0..2ba115e03 100644
--- a/salt/grafana/panels/disk_io_time_graph.json.jinja
+++ b/salt/grafana/panels/disk_io_time_graph.json.jinja
@@ -1,5 +1,7 @@ { "aliasColors": {}, + "maxDataPoints": 750, + "interval": "30s", "bars": false, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja index b02559d1c..223e2c041 100644 --- a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja @@ -180,5 +180,7 @@ "points": false, "bars": false, "stack": false, - "percentage": false + "percentage": false, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/disk_usage_root_graph.json.jinja b/salt/grafana/panels/disk_usage_root_graph.json.jinja index e3f4e5843..ee20e5d04 100644 --- a/salt/grafana/panels/disk_usage_root_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_root_graph.json.jinja @@ -180,5 +180,7 @@ "points": false, "bars": false, "stack": false, - "percentage": false + "percentage": false, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja index 38358ba40..bb5e49748 100644 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ b/salt/grafana/panels/load_averages_graph.json.jinja @@ -174,5 +174,7 @@ "stack": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja index 22eba5e83..831c6c45a 100644 --- a/salt/grafana/panels/management_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/management_interface_drops_graph.json.jinja @@ -257,5 +257,7 @@ "stack": false, "percentage": false, "steppedLine": false, - "decimals": 0 + "decimals": 0, + "maxDataPoints": 750, + "interval": "30s" } 
diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja index e2911de7d..b113e8fc2 100644 --- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/management_interface_packets_graph.json.jinja @@ -256,5 +256,7 @@ "bars": false, "stack": false, "percentage": false, - "steppedLine": false + "steppedLine": false, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/management_traffic_graph.json.jinja b/salt/grafana/panels/management_traffic_graph.json.jinja index f784b6347..f8dedf55a 100644 --- a/salt/grafana/panels/management_traffic_graph.json.jinja +++ b/salt/grafana/panels/management_traffic_graph.json.jinja @@ -4,6 +4,8 @@ "OutBound": "#5195CE", "net.non_negative_derivative": "super-light-blue" }, + "maxDataPoints": 750, + "interval": "30s", "bars": false, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja index 040ad017b..bac85a16f 100644 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_graph.json.jinja @@ -181,5 +181,7 @@ "stack": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja index 82a6275e9..5a77123ed 100644 --- a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja @@ -145,5 +145,7 @@ "percentage": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } 
diff --git a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja index 92d7d4741..41688a197 100644 --- a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja @@ -145,5 +145,7 @@ "percentage": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja index 6b961eb8d..4423b8ef9 100644 --- a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja @@ -257,5 +257,7 @@ "stack": false, "percentage": false, "steppedLine": false, - "decimals": 0 + "decimals": 0, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja index 7a8062a17..0a9b526b7 100644 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja @@ -256,5 +256,7 @@ "bars": false, "stack": false, "percentage": false, - "steppedLine": false + "steppedLine": false, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_traffic_graph.json.jinja index f74eb83a0..cac330c43 100644 --- a/salt/grafana/panels/monitor_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_traffic_graph.json.jinja @@ -5,6 +5,8 @@ "net.non_negative_derivative": "light-orange" }, "bars": false, + "maxDataPoints": 750, + "interval": "30s" "dashLength": 10, "dashes": false, "datasource": "InfluxDB", From 1cbf895e0e869142305888043fc58456899a521a Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 15 Jul 2021 11:27:19 -0400 Subject: [PATCH 106/266] add missing , --- salt/grafana/panels/monitor_traffic_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_traffic_graph.json.jinja index cac330c43..b446f9a74 100644 --- a/salt/grafana/panels/monitor_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_traffic_graph.json.jinja @@ -6,7 +6,7 @@ }, "bars": false, "maxDataPoints": 750, - "interval": "30s" + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", From e88b2582082dbef30bba604f3cd71d6f384d70fa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 15 Jul 2021 11:53:24 -0400 Subject: [PATCH 107/266] add maxDataPoints and min interval to more panels --- .../network_usage_docker_combined_current_graph.json.jinja | 4 +++- .../network_usage_docker_combined_trend_graph.json.jinja | 4 +++- salt/grafana/panels/process_status_graph.json.jinja | 4 +++- salt/grafana/panels/swap_io_bytes_graph.json.jinja | 4 +++- salt/grafana/panels/swap_usage_bytes_graph.json.jinja | 4 +++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja index 757f9a76c..f90b03f97 100644 --- a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja @@ -227,5 +227,7 @@ "steppedLine": false, "timeFrom": null, "timeShift": null, - "description": "" + "description": "", + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja index f07c3e158..498d45857 100644 
--- a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja @@ -227,5 +227,7 @@ "steppedLine": false, "timeFrom": null, "timeShift": null, - "description": "" + "description": "", + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja index 19b10bde5..480be1902 100644 --- a/salt/grafana/panels/process_status_graph.json.jinja +++ b/salt/grafana/panels/process_status_graph.json.jinja @@ -198,5 +198,7 @@ "stack": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/swap_io_bytes_graph.json.jinja b/salt/grafana/panels/swap_io_bytes_graph.json.jinja index 55aa504ed..6d65f5039 100644 --- a/salt/grafana/panels/swap_io_bytes_graph.json.jinja +++ b/salt/grafana/panels/swap_io_bytes_graph.json.jinja @@ -174,5 +174,7 @@ "percentage": false, "steppedLine": false, "timeFrom": null, - "timeShift": null + "timeShift": null, + "maxDataPoints": 750, + "interval": "30s" } diff --git a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja index 528d53d9b..303095ef9 100644 --- a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja +++ b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja @@ -178,5 +178,7 @@ "bars": false, "stack": false, "percentage": false, - "steppedLine": false + "steppedLine": false, + "maxDataPoints": 750, + "interval": "30s" } From 4246aac51bfdf022ec273b6edc5367a31d73c61e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 15 Jul 2021 13:57:43 -0400 Subject: [PATCH 108/266] unhide disk var --- salt/grafana/templates/disk.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json index 91b0e5b17..ac1b190af 100644 --- a/salt/grafana/templates/disk.json +++ b/salt/grafana/templates/disk.json @@ -9,7 +9,7 @@ "definition": "", "description": null, "error": null, - "hide": 2, + "hide": 0, "includeAll": true, "label": "Disk", "multi": true, From e8ba4bdc6cb37fbaeeeef75d5407230d782bd045 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 16 Jul 2021 14:07:23 -0400 Subject: [PATCH 109/266] Add quotes to string --- .../logstash/pipelines/config/so/9800_output_logscan.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja index 6fcf05a70..a0e5bd570 100644 --- a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -7,7 +7,7 @@ {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} output { - if [module] =~ logscan { + if [module] =~ "logscan" { elasticsearch { id => "logscan_pipeline" pipeline => "%{module}" From 9bf1d3e0c6321c243e44d6b883e41060b6b500dd Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 16 Jul 2021 14:59:44 -0400 Subject: [PATCH 110/266] Misc fixes --- salt/elasticsearch/files/ingest/logscan | 9 ++++++--- salt/filebeat/etc/filebeat.yml | 2 +- .../pipelines/config/so/9800_output_logscan.conf.jinja | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan index 9a094f4c6..3a3debabc 100644 --- a/salt/elasticsearch/files/ingest/logscan +++ b/salt/elasticsearch/files/ingest/logscan 
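Review bot: `=~` in the new condition `if [module] =~ "logscan"` is a regular-expression match, so it is true for any `module` value that merely contains `logscan`, and the context line `pipeline => "%{module}"` then takes the ingest pipeline name from that same event field. Since this output serves a single module, an exact comparison and a fixed pipeline name keep the routing independent of event content: `if [module] == "logscan" {` and `pipeline => "logscan"` (assuming the ingest pipeline is registered under that name). The output block continues past the end of the hunk.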
@@ -2,14 +2,17 @@ "description": "logscan", "processors": [ { "set": { "field": "event.severity", "value": 2 } }, + { "json": { "field": "message", "add_to_root": true, "ignore_failure": true } }, { "rename": { "field": "@timestamp", "target_field": "event.ingested", "ignore_missing": true } }, { "date": { "field": "timestamp", "target_field": "event.created", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, { "date": { "field": "start_time", "target_field": "@timestamp", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, { "date": { "field": "start_time", "target_field": "event.start", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, { "date": { "field": "end_time", "target_field": "event.end", "formats": [ "ISO8601", "UNIX" ], "ignore_failure": true } }, - { "rename": { "field": "source_ip", "target_field": "source.ip" } }, - { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}" } }, - { "rename": { "field": "source_ips", "target_field": "logscan.source.ips" } }, + { "remove": { "field": "start_time", "ignore_missing": true } }, + { "remove": { "field": "end_time", "ignore_missing": true } }, + { "rename": { "field": "source_ip", "target_field": "source.ip", "ignore_missing": true } }, + { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, + { "rename": { "field": "source_ips", "target_field": "logscan.source.ips", "ignore_missing": true } }, { "set": { "if": "ctx.model == 'kff'", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } }, { "set": { "if": "ctx.model == 'kff'", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } }, { "set": { "if": "ctx.model == 'kl'", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } }, diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 68fc32d7c..f5ba5dc74 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml 
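Review bot: The `append` processor still writes to `logsscan.source.ips` (extra "s") while the `rename` on the next line targets `logscan.source.ips`, so the single source IP and the IP list land in different fields, and the `ignore_failure`/`ignore_missing` flags added here will not surface that. The field should read `"field": "logscan.source.ips"`; because `rename` fails when its target already exists, check the ordering of these two processors against a sample alert once the name is fixed. Separately, the added `json` processor uses `add_to_root: true`, which lets any key present in `message` overwrite top-level fields of the event. If alert content is not fully trusted, parsing into a dedicated `target_field` and copying out only the expected keys is safer, at the cost of adjusting the later processors that read root-level fields. The processor list continues past the end of the hunk.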
@@ -114,7 +114,7 @@ filebeat.inputs: - type: log paths: - - /opt/so/log/logscan/alerts.log + - /logs/logscan/alerts.log fields: module: logscan dataset: alert diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja index a0e5bd570..a1c621484 100644 --- a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -16,7 +16,7 @@ output { user => "{{ ES_USER }}" password => "{{ ES_PASS }}" {% endif %} - index => "so-%{[event][module]}" + index => "so-logscan" template_name => "so-common" template => "/templates/so-common-template.json" template_overwrite => true From ebf3c65bed81619cd7f9553d10137f6c8fc23c41 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Mon, 19 Jul 2021 16:02:40 -0400 Subject: [PATCH 111/266] add many more panels --- salt/grafana/defaults.yaml | 129 ++++++++++- .../panels/disk_io_bytes_graph.json.jinja | 5 +- .../panels/disk_io_requests_graph.json.jinja | 5 +- .../panels/disk_io_time_graph.json.jinja | 5 +- ...sticsearch_document_count_graph.json.jinja | 193 +++++++++++++++++ ...rch_field_data_cache_size_graph.json.jinja | 184 ++++++++++++++++ .../elasticsearch_store_size_graph.json.jinja | 188 ++++++++++++++++ ...lasticsearch_thread_count_graph.json.jinja | 185 ++++++++++++++++ .../panels/influxdb_db_size_graph.json.jinja | 184 ++++++++++++++++ .../logstash_estimated_eps_graph.json.jinja | 187 ++++++++++++++++ ...gstash_estimated_eps_singlestat.json.jinja | 120 +++++++++++ .../panels/redis_queue_graph.json.jinja | 185 ++++++++++++++++ .../panels/row_elasticsearch.json.jinja | 15 ++ salt/grafana/panels/row_influxdb.json.jinja | 15 ++ salt/grafana/panels/row_logstash.json.jinja | 15 ++ salt/grafana/panels/row_redis.json.jinja | 15 ++ salt/grafana/panels/row_suricata.json.jinja | 15 ++ salt/grafana/panels/row_zeek.json.jinja | 15 ++ .../stenographer_packet_loss_graph.json.jinja | 189 ++++++++++++++++ ...enographer_pcap_retention_graph.json.jinja | 189 ++++++++++++++++ .../suricata_packet_loss_graph.json.jinja | 200 +++++++++++++++++ .../panels/zeek_capture_loss_graph.json.jinja | 185 ++++++++++++++++ .../panels/zeek_packet_loss_graph.json.jinja | 201 ++++++++++++++++++ .../zeek_restarts_healthcheck_stat.json.jinja | 93 ++++++++ 24 files changed, 2704 insertions(+), 13 deletions(-) create mode 100644 salt/grafana/panels/elasticsearch_document_count_graph.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_store_size_graph.json.jinja create mode 100644 salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja create mode 100644 
salt/grafana/panels/influxdb_db_size_graph.json.jinja create mode 100644 salt/grafana/panels/logstash_estimated_eps_graph.json.jinja create mode 100644 salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja create mode 100644 salt/grafana/panels/redis_queue_graph.json.jinja create mode 100644 salt/grafana/panels/row_elasticsearch.json.jinja create mode 100644 salt/grafana/panels/row_influxdb.json.jinja create mode 100644 salt/grafana/panels/row_logstash.json.jinja create mode 100644 salt/grafana/panels/row_redis.json.jinja create mode 100644 salt/grafana/panels/row_suricata.json.jinja create mode 100644 salt/grafana/panels/row_zeek.json.jinja create mode 100644 salt/grafana/panels/stenographer_packet_loss_graph.json.jinja create mode 100644 salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja create mode 100644 salt/grafana/panels/suricata_packet_loss_graph.json.jinja create mode 100644 salt/grafana/panels/zeek_capture_loss_graph.json.jinja create mode 100644 salt/grafana/panels/zeek_packet_loss_graph.json.jinja create mode 100644 salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index d7e4d9cd8..35cbbd536 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -71,7 +71,7 @@ grafana: y: 1 h: 4 w: 4 - estimated_eps_singlestat: + logstash_estimated_eps_singlestat: gridPos: x: 20 y: 1 
@@ -270,3 +270,130 @@ grafana: y: 87 h: 8 w: 8 + + row_logstash: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + + row_elasticsearch: + gridPos: + x: 0 + y: 104 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 105 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 105 + h: 8 + w: 1 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 113 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 113 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 121 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 122 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 130 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 131 + h: 8 + w: 10 + zeek_capture_loss_graph: + gridPos: + x: 10 + y: 131 + h: 8 + w: 10 + zeek_restarts_healthcheck_stat: + gridPos: + x: 20 + y: 131 + h: 8 + w: 4 + + row_suricata: + gridPos: + x: 0 + y: 139 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 140 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 148 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 149 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 0 + y: 149 + h: 8 + w: 8 + + row_influxdb: + gridPos: + x: 0 + y: 157 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 158 + h: 8 + w: 24 diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja index e4133ac82..f2efcf766 100644 --- a/salt/grafana/panels/disk_io_bytes_graph.json.jinja +++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja @@ -60,10 +60,7 @@ "value": "sda" } }, - "seriesOverrides": [{ - "alias": "/.*write$/", - "transform": "negative-Y" - }], + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, 
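Review bot: Two of the new `gridPos` entries in the `salt/grafana/defaults.yaml` hunk look like slips: `elasticsearch_thread_count_graph` has `w: 1` while the other panels in its row use `w: 12`, and `stenographer_pcap_retention_graph` is placed at `x: 0`, `y: 149`, the same origin as `stenographer_packet_loss_graph` (`w: 16`), so the two panels would overlap. If each row is meant to fill 24 columns, the values would be `w: 12` for the thread-count panel and `x: 16` for the PCAP retention panel. A one-line comment above each `row_*` group, such as `# widths in a row sum to 24`, would make this easier to check in later additions.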
diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja index b13cd7432..7b30dbaab 100644 --- a/salt/grafana/panels/disk_io_requests_graph.json.jinja +++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja @@ -60,10 +60,7 @@ "value": "sda" } }, - "seriesOverrides": [{ - "alias": "/.*write$/", - "transform": "negative-Y" - }], + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja index 2ba115e03..b4ec0fe5f 100644 --- a/salt/grafana/panels/disk_io_time_graph.json.jinja +++ b/salt/grafana/panels/disk_io_time_graph.json.jinja @@ -60,10 +60,7 @@ "value": "sda" } }, - "seriesOverrides": [{ - "alias": "/.*write$/", - "transform": "negative-Y" - }], + "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, diff --git a/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja new file mode 100644 index 000000000..fd296aeb1 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja 
@@ -0,0 +1,193 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.elasticsearch_document_count_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_document_count_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_document_count_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_document_count_graph.gridPos.h }} + }, + "id": 33, + "links": [], + "maxDataPoints": 750, + "nullPointMode": "connected", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "alias": "Document Count Current" + }, + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_docs_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ], + "alias": "Document Count Trend", + "hide": false + } + ], + "thresholds": [], + "title": "Document Count", + "type": "graph", + "options": { + "alertThreshold": true + }, + "interval": "30s", + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:678" + }, + { + "label": null, + "show": 
true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:679" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + "avg": false, + "alignAsTable": true, + "rightSide": false + }, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [ + { + "$$hashKey": "object:1050", + "alias": "/Trend/", + "fill": 0, + "linewidth": 4, + "dashes": true, + "dashLength": 4 + } + ], + "timeRegions": [], + "cacheTimeout": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja new file mode 100644 index 000000000..69c374fca --- /dev/null +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja 
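Review bot: The new `elasticsearch_document_count_graph.json.jinja` carries `"$$hashKey"` entries (`object:678`, `object:679` in `yaxes`, `object:1050` in `seriesOverrides`) that look like AngularJS bookkeeping keys left over from a Grafana UI export. The sibling Elasticsearch panels added in the same commit do not have them, so dropping the three `"$$hashKey": ...` lines keeps the templates consistent and avoids carrying editor state into the provisioned dashboards.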
@@ -0,0 +1,184 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 6363, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + 
"resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_fielddata_memory_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Fielddata Cache Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja new file mode 100644 index 000000000..59ee89df7 --- /dev/null +++ b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja 
@@ -0,0 +1,188 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_store_size_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_store_size_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_store_size_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_store_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 63442, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_indices", + "orderByTime": "ASC", + "policy": 
"so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_store_size_in_bytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Store Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja new file mode 100644 index 000000000..9602adc9e --- /dev/null +++ b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.elasticsearch_thread_count_graph.gridPos.x }}, + "y": {{ PANELS.elasticsearch_thread_count_graph.gridPos.y }}, + "w": {{ PANELS.elasticsearch_thread_count_graph.gridPos.w }}, + "h": {{ PANELS.elasticsearch_thread_count_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 56565, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Count Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Count Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "elasticsearch_jvm", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + 
"mean_threads_count" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Thread Count", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/influxdb_db_size_graph.json.jinja b/salt/grafana/panels/influxdb_db_size_graph.json.jinja new file mode 100644 index 000000000..7c07525b7 --- /dev/null +++ b/salt/grafana/panels/influxdb_db_size_graph.json.jinja 
@@ -0,0 +1,184 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.influxdb_db_size_graph.gridPos.x }}, + "y": {{ PANELS.influxdb_db_size_graph.gridPos.y }}, + "w": {{ PANELS.influxdb_db_size_graph.gridPos.w }}, + "h": {{ PANELS.influxdb_db_size_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 69, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Size Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "kbytes" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Size Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "influxsize", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_kbytes" + ], + "type": "field" + }, + { + "params": [], + 
"type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "InfluxDB Database Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "deckbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja new file mode 100644 index 000000000..089a04ea1 --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja 
@@ -0,0 +1,187 @@ +{ + "aliasColors": {}, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "description": "", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_graph.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_graph.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_graph.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 76, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "EPS Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "EPS Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "so_long_term", + "queryType": "randomWalk", + "refId": "B", + 
"resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_eps" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Estimated EPS", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "EPS", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja new file mode 100644 index 000000000..7532e63dc --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja 
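Review bot: Both targets carry `"queryType": "randomWalk"`, a key that none of the InfluxDB targets in the preceding panel files of this patch set. It looks like a leftover from the panel editor rather than something the `consumptioneps` query needs. I would drop the key from targets `A` and `B` here, and from the single target in logstash_estimated_eps_singlestat.json.jinja, so the templates only contain fields the InfluxDB datasource reads. If it is intentional, a short mention in the commit message would help the next reader.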
@@ -0,0 +1,120 @@ +{ + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "InfluxDB", + "decimals": 0, + "editable": true, + "error": false, + "format": "short", + "gauge": {}, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.h }} + }, + "height": "150", + "id": 23, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "eps" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": "", + "title": "Estimated EPS", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current", + "fieldConfig": { + "defaults": {}, + 
"overrides": [] + } +} diff --git a/salt/grafana/panels/redis_queue_graph.json.jinja b/salt/grafana/panels/redis_queue_graph.json.jinja new file mode 100644 index 000000000..c246d11e7 --- /dev/null +++ b/salt/grafana/panels/redis_queue_graph.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "description": "", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.redis_queue_graph.gridPos.x }}, + "y": {{ PANELS.redis_queue_graph.gridPos.y }}, + "w": {{ PANELS.redis_queue_graph.gridPos.w }}, + "h": {{ PANELS.redis_queue_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 55, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Queue Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "unparsed" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Queue Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_unparsed" + ], + "type": "field" + }, + { + "params": 
[], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Redis Queue", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/row_elasticsearch.json.jinja b/salt/grafana/panels/row_elasticsearch.json.jinja new file mode 100644 index 000000000..04340c3e2 --- /dev/null +++ b/salt/grafana/panels/row_elasticsearch.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_elasticsearch.gridPos.x }}, + "y": {{ PANELS.row_elasticsearch.gridPos.y }}, + "w": {{ PANELS.row_elasticsearch.gridPos.w }}, + "h": {{ PANELS.row_elasticsearch.gridPos.h }} + }, + "id": 2442, + "panels": [], + "repeat": null, + "title": "Elasticsearch", + "type": "row" + } diff --git a/salt/grafana/panels/row_influxdb.json.jinja b/salt/grafana/panels/row_influxdb.json.jinja new file mode 100644 index 000000000..7f3251cc9 --- /dev/null +++ b/salt/grafana/panels/row_influxdb.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_influxdb.gridPos.x }}, + "y": {{ PANELS.row_influxdb.gridPos.y }}, + "w": {{ PANELS.row_influxdb.gridPos.w }}, + "h": {{ PANELS.row_influxdb.gridPos.h }} + }, + "id": 43434, + "panels": [], + "repeat": null, + "title": "InfluxDB", + "type": "row" + } 
diff --git a/salt/grafana/panels/row_logstash.json.jinja b/salt/grafana/panels/row_logstash.json.jinja
new file mode 100644
index 000000000..e934dbd0e
--- /dev/null
+++ b/salt/grafana/panels/row_logstash.json.jinja
@@ -0,0 +1,15 @@
+{
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "x": {{ PANELS.row_logstash.gridPos.x }},
+ "y": {{ PANELS.row_logstash.gridPos.y }},
+ "w": {{ PANELS.row_logstash.gridPos.w }},
+ "h": {{ PANELS.row_logstash.gridPos.h }}
+ },
+ "id": 24242,
+ "panels": [],
+ "repeat": null,
+ "title": "Logstash",
+ "type": "row"
+ }
diff --git a/salt/grafana/panels/row_redis.json.jinja b/salt/grafana/panels/row_redis.json.jinja
new file mode 100644
index 000000000..402283553
--- /dev/null
+++ b/salt/grafana/panels/row_redis.json.jinja
@@ -0,0 +1,15 @@
+{
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "x": {{ PANELS.row_redis.gridPos.x }},
+ "y": {{ PANELS.row_redis.gridPos.y }},
+ "w": {{ PANELS.row_redis.gridPos.w }},
+ "h": {{ PANELS.row_redis.gridPos.h }}
+ },
+ "id": 24242,
+ "panels": [],
+ "repeat": null,
+ "title": "Redis",
+ "type": "row"
+ }
diff --git a/salt/grafana/panels/row_suricata.json.jinja b/salt/grafana/panels/row_suricata.json.jinja
new file mode 100644
index 000000000..d4dead5c5
--- /dev/null
+++ b/salt/grafana/panels/row_suricata.json.jinja
@@ -0,0 +1,15 @@
+{
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "x": {{ PANELS.row_suricata.gridPos.x }},
+ "y": {{ PANELS.row_suricata.gridPos.y }},
+ "w": {{ PANELS.row_suricata.gridPos.w }},
+ "h": {{ PANELS.row_suricata.gridPos.h }}
+ },
+ "id": 8481,
+ "panels": [],
+ "repeat": null,
+ "title": "Suricata",
+ "type": "row"
+ }
diff --git a/salt/grafana/panels/row_zeek.json.jinja b/salt/grafana/panels/row_zeek.json.jinja
new file mode 100644
index 000000000..1b236a543
--- /dev/null
+++ b/salt/grafana/panels/row_zeek.json.jinja
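Review bot: `"id": 24242` in row_redis.json.jinja repeats the id already used by row_logstash.json.jinja earlier in this patch. Grafana identifies panels by `id` within a dashboard, so if both rows are rendered into the same dashboard (the assembling template is not part of these hunks) the two rows collide. Give one of them an id that no other panel file uses, i.e. change the row_redis line to `"id": <UNUSED_ID>,`.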
@@ -0,0 +1,15 @@
+{
+ "collapsed": false,
+ "datasource": null,
+ "gridPos": {
+ "x": {{ PANELS.row_zeek.gridPos.x }},
+ "y": {{ PANELS.row_zeek.gridPos.y }},
+ "w": {{ PANELS.row_zeek.gridPos.w }},
+ "h": {{ PANELS.row_zeek.gridPos.h }}
+ },
+ "id": 21281,
+ "panels": [],
+ "repeat": null,
+ "title": "Zeek",
+ "type": "row"
+ }
diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja
new file mode 100644
index 000000000..d3d1f66d4
--- /dev/null
+++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja
@@ -0,0 +1,189 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.stenographer_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.stenographer_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.stenographer_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.stenographer_packet_loss_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": 
"time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Stenographer Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja new file mode 100644 index 000000000..350ceefff --- /dev/null +++ b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja 
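Review bot: The y-axis uses `"format": "percent"`, but targets `A` and `B` select `drop` / `mean_drop` with `last` and no scaling, while suricata_packet_loss_graph and zeek_packet_loss_graph in this same patch add a `"type": "math"` step with `"* 100"` before showing the value as a percentage. Whether `stenodrop.drop` is stored as a fraction or already as a percentage is not visible here. If it is a fraction like the other two appear to be, this panel under-reports Stenographer packet loss by a factor of 100, which hides capture gaps on a sensor. Either add the same `math` step to both targets or state in the commit message that the collector already writes a percentage.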
@@ -0,0 +1,189 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "unit": "s" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.stenographer_pcap_retention_graph.gridPos.x }}, + "y": {{ PANELS.stenographer_pcap_retention_graph.gridPos.y }}, + "w": {{ PANELS.stenographer_pcap_retention_graph.gridPos.w }}, + "h": {{ PANELS.stenographer_pcap_retention_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Oldest Pcap Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Oldest Pcap Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": 
"B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Stenographer PCAP Retention", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "s", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja new file mode 100644 index 000000000..5d75eede7 --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja 
@@ -0,0 +1,200 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.suricata_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.suricata_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.suricata_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.suricata_packet_loss_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "so_long_term", + 
"refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Suricata Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja new file mode 100644 index 000000000..9a3d24126 --- /dev/null +++ b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja 
@@ -0,0 +1,185 @@ +{ + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.zeek_capture_loss_graph.gridPos.x }}, + "y": {{ PANELS.zeek_capture_loss_graph.gridPos.y }}, + "w": {{ PANELS.zeek_capture_loss_graph.gridPos.w }}, + "h": {{ PANELS.zeek_capture_loss_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 71, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": true, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "loss" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Loss Trend", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": true, + "measurement": "zeekcaptureloss", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_loss" + ], + "type": "field" + }, + { + "params": 
[], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Capture Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja new file mode 100644 index 000000000..d0c3cc9f4 --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja 
@@ -0,0 +1,201 @@ +{ + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.zeek_packet_loss_graph.gridPos.x }}, + "y": {{ PANELS.zeek_packet_loss_graph.gridPos.y }}, + "w": {{ PANELS.zeek_packet_loss_graph.gridPos.w }}, + "h": {{ PANELS.zeek_packet_loss_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Trend/", + "dashLength": 4, + "dashes": true, + "fill": 0, + "linewidth": 4 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Loss Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + }, + { + "alias": "Loss Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + 
"resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Zeek Packet Loss", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} diff --git a/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja b/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja new file mode 100644 index 000000000..85dda1154 --- /dev/null +++ b/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja 
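Review bot: Both targets select `last` of `drop` / `mean_drop` per `$__interval` bucket, so when a bucket holds more than one sample only the final one is plotted and a short burst of loss earlier in the bucket disappears from the graph. For a sensor-visibility panel the worst value in the bucket is the one an analyst needs, so `"type": "max"` in place of `"type": "last"` on the refId A select would keep the spike visible as the time range widens. The zeek_capture_loss_graph template uses `mean` for the equivalent series, so the two loss panels currently aggregate differently. The `* 100` math step assumes `drop` is stored as a 0–1 ratio, which this hunk does not show and is worth confirming against the collector.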
@@ -0,0 +1,93 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.x }}, + "y": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.y }}, + "w": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.w }}, + "h": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.h }} + }, + "id": 37, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "sum" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "healthcheck", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "zeek_restart" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Zeek Restarts via Healthcheck", + "type": "stat" +} From 158f3bf092568a499ad3914e89d21f99a9c5cec3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 16:18:02 -0400 Subject: [PATCH 112/266] add row_stenographer --- salt/grafana/panels/row_stenographer.json.jinja | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 salt/grafana/panels/row_stenographer.json.jinja diff --git a/salt/grafana/panels/row_stenographer.json.jinja b/salt/grafana/panels/row_stenographer.json.jinja new file mode 100644 index 000000000..004757748 --- /dev/null 
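Review bot: The stat reduces with `"calcs": ["sum"]`, but the query feeds it `last` of `zeek_restart` per `$__interval` bucket, so the total depends on how many buckets the selected time range produces rather than on how many restarts were recorded. If `zeek_restart` is written as a per-check flag or count (not visible here), a bucket containing several samples contributes only its final value, so restarts are undercounted on wide ranges and a missed one leaves the panel green below the red threshold at `1`. Using `"type": "sum"` in the select makes the per-bucket aggregation agree with the panel-level sum.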
+++ b/salt/grafana/panels/row_stenographer.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_stenographer.gridPos.x }}, + "y": {{ PANELS.row_stenographer.gridPos.y }}, + "w": {{ PANELS.row_stenographer.gridPos.w }}, + "h": {{ PANELS.row_stenographer.gridPos.h }} + }, + "id": 8812, + "panels": [], + "repeat": null, + "title": "Stenographer", + "type": "row" + } From 60356eaccec2943f323d09d6ca978bf1353fd0b2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 16:26:09 -0400 Subject: [PATCH 113/266] make the ids unique --- salt/grafana/panels/old/pcap_retention.json.jinja | 2 +- salt/grafana/panels/old/suricata_packet_loss.json.jinja | 2 +- salt/grafana/panels/old/zeek_packet_loss.json.jinja | 2 +- salt/grafana/panels/row_redis.json.jinja | 2 +- .../grafana/panels/stenographer_pcap_retention_graph.json.jinja | 2 +- salt/grafana/panels/zeek_packet_loss_graph.json.jinja | 2 +- salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/grafana/panels/old/pcap_retention.json.jinja b/salt/grafana/panels/old/pcap_retention.json.jinja index 3426fe245..6842c8a3c 100644 --- a/salt/grafana/panels/old/pcap_retention.json.jinja +++ b/salt/grafana/panels/old/pcap_retention.json.jinja @@ -20,7 +20,7 @@ "y": 15 }, "hiddenSeries": false, - "id": 22, + "id": 2201, "legend": { "avg": false, "current": false, diff --git a/salt/grafana/panels/old/suricata_packet_loss.json.jinja b/salt/grafana/panels/old/suricata_packet_loss.json.jinja index a854f1a34..155fb1204 100644 --- a/salt/grafana/panels/old/suricata_packet_loss.json.jinja +++ b/salt/grafana/panels/old/suricata_packet_loss.json.jinja @@ -20,7 +20,7 @@ "y": 0 }, "hiddenSeries": false, - "id": 21, + "id": 2125, "legend": { "avg": false, "current": false, 
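Review bot: The new ids in the "make the ids unique" hunks (`2201` and `2125` here, then `2202`, `24812`, `2239`, `2022`, `2123` in the following ones) are still literals chosen by hand in each template, so nothing prevents the next panel from reusing one. Every template already reads its `gridPos` from `PANELS`, so the id could live beside it in defaults.yaml, e.g. `"id": {{ PANELS.stenographer_pcap_retention_graph.id }}` (a key that would have to be added). That keeps all ids in one file, where a duplicate is easy to spot or lint. The enclosing panel objects start and end outside these hunks.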
diff --git a/salt/grafana/panels/old/zeek_packet_loss.json.jinja b/salt/grafana/panels/old/zeek_packet_loss.json.jinja index ac07f5eb2..9714c7eba 100644 --- a/salt/grafana/panels/old/zeek_packet_loss.json.jinja +++ b/salt/grafana/panels/old/zeek_packet_loss.json.jinja @@ -20,7 +20,7 @@ "y": 25 }, "hiddenSeries": false, - "id": 20, + "id": 2202, "legend": { "avg": false, "current": false, diff --git a/salt/grafana/panels/row_redis.json.jinja b/salt/grafana/panels/row_redis.json.jinja index 402283553..f0be53693 100644 --- a/salt/grafana/panels/row_redis.json.jinja +++ b/salt/grafana/panels/row_redis.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.row_redis.gridPos.w }}, "h": {{ PANELS.row_redis.gridPos.h }} }, - "id": 24242, + "id": 24812, "panels": [], "repeat": null, "title": "Redis", diff --git a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja index 350ceefff..033794a64 100644 --- a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja +++ b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja @@ -20,7 +20,7 @@ "h": {{ PANELS.stenographer_pcap_retention_graph.gridPos.h }} }, "hiddenSeries": false, - "id": 22, + "id": 2239, "legend": { "avg": false, "current": false, diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index d0c3cc9f4..898cb2c85 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -20,7 +20,7 @@ "h": {{ PANELS.zeek_packet_loss_graph.gridPos.h }} }, "hiddenSeries": false, - "id": 20, + "id": 2022, "legend": { "avg": false, "current": false, diff --git a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja index 095a15b3e..1b1fa2436 100644 --- a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja 
+++ b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja @@ -26,7 +26,7 @@ "h": {{ PANELS.zeek_packet_loss_singlestat.gridPos.h }} }, "height": "150", - "id": 21, + "id": 2123, "interval": null, "links": [], "mappingType": 1, From 40ddf5f49cb646d47af98f593380c97560185308 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 16:30:02 -0400 Subject: [PATCH 114/266] fix cords --- salt/grafana/defaults.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 35cbbd536..a97b2be96 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -301,7 +301,7 @@ grafana: x: 12 y: 105 h: 8 - w: 1 + w: 12 elasticsearch_store_size_graph: gridPos: x: 0 @@ -380,7 +380,7 @@ grafana: w: 16 stenographer_pcap_retention_graph: gridPos: - x: 0 + x: 16 y: 149 h: 8 w: 8 From 522f2a3f9f6940a1b47b81edde4f09df82f1a94e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 17:19:56 -0400 Subject: [PATCH 115/266] maxdatapoints and min interval --- .../panels/elasticsearch_field_data_cache_size_graph.json.jinja | 2 ++ salt/grafana/panels/elasticsearch_store_size_graph.json.jinja | 2 ++ salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja | 2 ++ salt/grafana/panels/influxdb_db_size_graph.json.jinja | 2 ++ salt/grafana/panels/redis_queue_graph.json.jinja | 2 ++ salt/grafana/panels/stenographer_packet_loss_graph.json.jinja | 2 ++ .../grafana/panels/stenographer_pcap_retention_graph.json.jinja | 2 ++ salt/grafana/panels/suricata_packet_loss_graph.json.jinja | 2 ++ salt/grafana/panels/zeek_capture_loss_graph.json.jinja | 2 ++ salt/grafana/panels/zeek_packet_loss_graph.json.jinja | 2 ++ 10 files changed, 20 insertions(+) diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja index 69c374fca..4f7b0a92d 100644 
--- a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", diff --git a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja index 59ee89df7..f12d1dc63 100644 --- a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "cacheTimeout": null, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja index 9602adc9e..843d5eba4 100644 --- a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", diff --git a/salt/grafana/panels/influxdb_db_size_graph.json.jinja b/salt/grafana/panels/influxdb_db_size_graph.json.jinja index 7c07525b7..95cdb90b5 100644 --- a/salt/grafana/panels/influxdb_db_size_graph.json.jinja +++ b/salt/grafana/panels/influxdb_db_size_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", diff --git a/salt/grafana/panels/redis_queue_graph.json.jinja b/salt/grafana/panels/redis_queue_graph.json.jinja index c246d11e7..8aeaf52ca 100644 --- a/salt/grafana/panels/redis_queue_graph.json.jinja +++ b/salt/grafana/panels/redis_queue_graph.json.jinja 
@@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index d3d1f66d4..430813fae 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "cacheTimeout": null, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja index 033794a64..aa3e22146 100644 --- a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja +++ b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "cacheTimeout": null, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja index 5d75eede7..fec48ec10 100644 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "cacheTimeout": null, "dashLength": 10, "dashes": false, diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja index 9a3d24126..1e590ff6e 100644 --- a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "dashLength": 10, "dashes": false, "datasource": "InfluxDB", 
diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index 898cb2c85..6c2dc10f5 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -1,6 +1,8 @@ { "aliasColors": {}, "bars": false, + "maxDataPoints": 750, + "interval": "30s", "cacheTimeout": null, "dashLength": 10, "dashes": false, From 93ca00c7fe6caaa684dd0d8190176c23282ace74 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 17:29:57 -0400 Subject: [PATCH 116/266] change min y --- salt/grafana/panels/stenographer_packet_loss_graph.json.jinja | 2 +- salt/grafana/panels/suricata_packet_loss_graph.json.jinja | 2 +- salt/grafana/panels/zeek_capture_loss_graph.json.jinja | 2 +- salt/grafana/panels/zeek_packet_loss_graph.json.jinja | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index 430813fae..9a77303f7 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -172,7 +172,7 @@ "label": null, "logBase": 1, "max": null, - "min": null, + "min": 0, "show": true }, { diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja index fec48ec10..0c29cacc0 100644 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja @@ -183,7 +183,7 @@ "label": null, "logBase": 1, "max": null, - "min": null, + "min": 0, "show": true }, { diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja index 1e590ff6e..e0400751c 100644 --- a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja 
+++ b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja @@ -168,7 +168,7 @@ "label": "", "logBase": 1, "max": null, - "min": null, + "min": 0, "show": true }, { diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index 6c2dc10f5..ca0218de8 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -184,7 +184,7 @@ "label": null, "logBase": 1, "max": null, - "min": null, + "min": 0, "show": true }, { From 0fb4500fcc4ae59d19a907ead7450472f5b127ae Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 17:39:32 -0400 Subject: [PATCH 117/266] add legends --- ...csearch_field_data_cache_size_graph.json.jinja | 15 ++++++++++----- .../elasticsearch_store_size_graph.json.jinja | 11 ++++++++--- .../elasticsearch_thread_count_graph.json.jinja | 15 ++++++++++----- .../panels/influxdb_db_size_graph.json.jinja | 15 ++++++++++----- .../logstash_estimated_eps_graph.json.jinja | 15 ++++++++++----- salt/grafana/panels/redis_queue_graph.json.jinja | 15 ++++++++++----- .../stenographer_packet_loss_graph.json.jinja | 15 ++++++++++----- .../panels/suricata_packet_loss_graph.json.jinja | 15 ++++++++++----- .../panels/zeek_capture_loss_graph.json.jinja | 15 ++++++++++----- .../panels/zeek_packet_loss_graph.json.jinja | 15 ++++++++++----- 10 files changed, 98 insertions(+), 48 deletions(-) diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja index 4f7b0a92d..aee84c813 100644 --- a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja 
@@ -23,13 +23,18 @@ "hiddenSeries": false, "id": 6363, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja index f12d1dc63..554809b5c 100644 --- a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja @@ -24,13 +24,18 @@ "hiddenSeries": false, "id": 63442, "legend": { + "alignAsTable": true, "avg": false, - "current": false, + "current": true, + "hideEmpty": true, "max": false, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja index 843d5eba4..e1d8edd98 100644 --- a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja +++ b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja @@ -23,13 +23,18 @@ "hiddenSeries": false, "id": 56565, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/influxdb_db_size_graph.json.jinja b/salt/grafana/panels/influxdb_db_size_graph.json.jinja index 95cdb90b5..71d636fe9 100644 
--- a/salt/grafana/panels/influxdb_db_size_graph.json.jinja +++ b/salt/grafana/panels/influxdb_db_size_graph.json.jinja @@ -23,13 +23,18 @@ "hiddenSeries": false, "id": 69, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja index 089a04ea1..452687683 100644 --- a/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja +++ b/salt/grafana/panels/logstash_estimated_eps_graph.json.jinja @@ -22,13 +22,18 @@ "hiddenSeries": false, "id": 76, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/redis_queue_graph.json.jinja b/salt/grafana/panels/redis_queue_graph.json.jinja index 8aeaf52ca..1b1ca1e3a 100644 --- a/salt/grafana/panels/redis_queue_graph.json.jinja +++ b/salt/grafana/panels/redis_queue_graph.json.jinja @@ -24,13 +24,18 @@ "hiddenSeries": false, "id": 55, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, 
diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index 9a77303f7..53d539a4d 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -24,13 +24,18 @@ "hiddenSeries": false, "id": 19, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja index 0c29cacc0..42ba5fefb 100644 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja @@ -24,13 +24,18 @@ "hiddenSeries": false, "id": 21, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja index e0400751c..7b791f4f6 100644 --- a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja 
@@ -23,13 +23,18 @@ "hiddenSeries": false, "id": 71, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index ca0218de8..b8d9f67ef 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -24,13 +24,18 @@ "hiddenSeries": false, "id": 2022, "legend": { - "avg": false, - "current": false, - "max": false, + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "max": true, "min": false, - "show": false, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, "total": false, - "values": false + "values": true }, "lines": true, "linewidth": 1, From 3b9bc77ecc931824ab221c5867e2fa8e1e0e190e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 19 Jul 2021 17:51:43 -0400 Subject: [PATCH 118/266] remove scopedvars --- salt/grafana/panels/disk_io_bytes_graph.json.jinja | 8 +------- salt/grafana/panels/disk_io_requests_graph.json.jinja | 7 ------- salt/grafana/panels/disk_io_time_graph.json.jinja | 7 ------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja index f2efcf766..8fce4e386 100644 --- a/salt/grafana/panels/disk_io_bytes_graph.json.jinja +++ b/salt/grafana/panels/disk_io_bytes_graph.json.jinja @@ -53,13 +53,7 @@ "points": false, "renderer": "flot", "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, + "seriesOverrides": [], "spaceLength": 10, "stack": false, 
diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja index 7b30dbaab..1c2227fbd 100644 --- a/salt/grafana/panels/disk_io_requests_graph.json.jinja +++ b/salt/grafana/panels/disk_io_requests_graph.json.jinja @@ -53,13 +53,6 @@ "points": false, "renderer": "flot", "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, "seriesOverrides": [], "spaceLength": 10, "stack": false, diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja index b4ec0fe5f..0b0e00e42 100644 --- a/salt/grafana/panels/disk_io_time_graph.json.jinja +++ b/salt/grafana/panels/disk_io_time_graph.json.jinja @@ -53,13 +53,6 @@ "points": false, "renderer": "flot", "repeat": null, - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, "seriesOverrides": [], "spaceLength": 10, "stack": false, From fcc6802f8637fc189fccbac52f4303b0f8054c4d Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 20 Jul 2021 08:51:53 -0400 Subject: [PATCH 119/266] convert all singlestat to stat --- salt/grafana/defaults.yaml | 16 +-- salt/grafana/panels/io_wait_stat.json.jinja | 122 ++++++++++++++++ ... => load_average_5_minute_stat.json.jinja} | 8 +- ...gstash_estimated_eps_singlestat.json.jinja | 120 ---------------- .../logstash_estimated_eps_stat.json.jinja | 112 +++++++++++++++ ...monitor_interface_traffic_stat.json.jinja} | 133 +++++++++--------- .../panels/old/io_wait_singlestat.json.jinja | 132 ----------------- .../pcap_packet_loss_singlestat.json.jinja | 125 ---------------- .../pcap_retention_singlestat.json.jinja | 133 ------------------ .../panels/pcap_retention_stat.json.jinja | 112 +++++++++++++++ .../panels/redis_queue_stat.json.jinja | 94 +++++++++++++ .../stenographer_packet_loss_stat.json.jinja | 114 +++++++++++++++ ...suricata_packet_loss_singlestat.json.jinja | 131 ----------------- .../suricata_packet_loss_stat.json.jinja | 120 ++++++++++++++++ .../zeek_packet_loss_singlestat.json.jinja | 131 ----------------- .../panels/zeek_packet_loss_stat.json.jinja | 120 ++++++++++++++++ 16 files changed, 870 insertions(+), 853 deletions(-) create mode 100644 salt/grafana/panels/io_wait_stat.json.jinja rename salt/grafana/panels/{load_average_5_minute_singlestat.json.jinja => load_average_5_minute_stat.json.jinja} (88%) delete mode 100644 salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja create mode 100644 salt/grafana/panels/logstash_estimated_eps_stat.json.jinja rename salt/grafana/panels/{monitor_traffic_singlestat.json.jinja => monitor_interface_traffic_stat.json.jinja} (51%) delete mode 100644 salt/grafana/panels/old/io_wait_singlestat.json.jinja delete mode 100644 salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja delete mode 100644 salt/grafana/panels/pcap_retention_singlestat.json.jinja create mode 100644 salt/grafana/panels/pcap_retention_stat.json.jinja create mode 100644 
salt/grafana/panels/redis_queue_stat.json.jinja create mode 100644 salt/grafana/panels/stenographer_packet_loss_stat.json.jinja delete mode 100644 salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja create mode 100644 salt/grafana/panels/suricata_packet_loss_stat.json.jinja delete mode 100644 salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja create mode 100644 salt/grafana/panels/zeek_packet_loss_stat.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index a97b2be96..89d56f1a2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -47,43 +47,43 @@ grafana: y: 1 h: 4 w: 4 - load_average_5_minute_singlestat: + load_average_5_minute_stat: gridPos: x: 4 y: 1 h: 4 w: 4 - zeek_packet_loss_singlestat: + zeek_packet_loss_stat: gridPos: x: 8 y: 1 h: 4 w: 4 - suricata_packet_loss_singlestat: + suricata_packet_loss_stat: gridPos: x: 12 y: 1 h: 4 w: 4 - pcap_packet_loss_singlestat: + stenographer_packet_loss_stat: gridPos: x: 16 y: 1 h: 4 w: 4 - logstash_estimated_eps_singlestat: + logstash_estimated_eps_stat: gridPos: x: 20 y: 1 h: 4 w: 4 - io_wait_singlestat: + io_wait_stat: gridPos: x: 0 y: 5 h: 4 w: 4 - monitor_traffic_singlestat: + monitor_interface_traffic_stat: gridPos: x: 4 y: 5 @@ -119,7 +119,7 @@ grafana: y: 5 h: 4 w: 2 - pcap_retention_singlestat: + pcap_retention_stat: gridPos: x: 18 y: 5 diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja new file mode 100644 index 000000000..5b816bdfd --- /dev/null +++ b/salt/grafana/panels/io_wait_stat.json.jinja 
@@ -0,0 +1,122 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 40 + }, + { + "color": "dark-red", + "value": 50 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:1217", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.io_wait_stat.gridPos.x }}, + "y": {{ PANELS.io_wait_stat.gridPos.y }}, + "w": {{ PANELS.io_wait_stat.gridPos.w }}, + "h": {{ PANELS.io_wait_stat.gridPos.h }} + }, + "id": 61867, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_iowait" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ], + "orderByTime": "ASC" + } + ], + "title": "IOWait", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "interval": null, + "pluginVersion": "7.5.4" +} 
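Review bot: The `"calcs": ["last"]` reducer under `options.reduceOptions` keeps nulls, so with the target's `fill(null)` grouping an empty newest bucket makes the panel fall through to the `"N/A"` mapping instead of showing the latest reading. `monitor_interface_traffic_stat.json.jinja` in this same patch uses `"lastNotNull"`, which, as far as I know, is also what Grafana's own singlestat migration picks for `valueName: "current"`. I would use `"calcs": ["lastNotNull"]` here and in the logstash_estimated_eps, pcap_retention, redis_queue and stenographer/suricata/zeek packet-loss stat panels, so a gap in the newest bucket does not blank a sensor-health indicator.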
diff --git a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja b/salt/grafana/panels/load_average_5_minute_stat.json.jinja similarity index 88% rename from salt/grafana/panels/load_average_5_minute_singlestat.json.jinja rename to salt/grafana/panels/load_average_5_minute_stat.json.jinja index 1b8f9ae80..c4a75c35b 100644 --- a/salt/grafana/panels/load_average_5_minute_singlestat.json.jinja +++ b/salt/grafana/panels/load_average_5_minute_stat.json.jinja @@ -37,10 +37,10 @@ "overrides": [] }, "gridPos": { - "x": {{ PANELS.load_average_5_minute_singlestat.gridPos.x }}, - "y": {{ PANELS.load_average_5_minute_singlestat.gridPos.y }}, - "w": {{ PANELS.load_average_5_minute_singlestat.gridPos.w }}, - "h": {{ PANELS.load_average_5_minute_singlestat.gridPos.h }} + "x": {{ PANELS.load_average_5_minute_stat.gridPos.x }}, + "y": {{ PANELS.load_average_5_minute_stat.gridPos.y }}, + "w": {{ PANELS.load_average_5_minute_stat.gridPos.w }}, + "h": {{ PANELS.load_average_5_minute_stat.gridPos.h }} }, "id": 61859, "links": [], diff --git a/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja deleted file mode 100644 index 7532e63dc..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_singlestat.json.jinja +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "format": "short", - "gauge": {}, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_singlestat.gridPos.h }} - }, - "height": "150", - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": "", - "title": "Estimated EPS", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - 
"overrides": [] - } -} diff --git a/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja new file mode 100644 index 000000000..49dc48a4a --- /dev/null +++ b/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja 
@@ -0,0 +1,112 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + }, + { + "value": 1, + "color": "dark-green" + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:730", + "id": 0, + "type": 1 + } + ], + "unit": "short", + "decimals": 0, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.logstash_estimated_eps_stat.gridPos.x }}, + "y": {{ PANELS.logstash_estimated_eps_stat.gridPos.y }}, + "w": {{ PANELS.logstash_estimated_eps_stat.gridPos.w }}, + "h": {{ PANELS.logstash_estimated_eps_stat.gridPos.h }} + }, + "id": 23, + "interval": "30s", + "links": [], + "maxDataPoints": 750, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "consumptioneps", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "eps" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Estimated EPS", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "pluginVersion": "7.5.4", + "timeFrom": null +} 
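Review bot: The target keeps `"queryType": "randomWalk"` and the mapping keeps `"$$hashKey": "object:730"`, both of which look like residue from a UI export rather than settings this InfluxDB panel needs. I would drop both lines. The same `$$hashKey` entries appear in the other new stat panels of this patch, and `randomWalk` appears again in `redis_queue_stat.json.jinja`. Stripping export residue from the templates keeps later diffs limited to intentional changes, which makes a dashboard edit easier to review.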
diff --git a/salt/grafana/panels/monitor_traffic_singlestat.json.jinja b/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja similarity index 51% rename from salt/grafana/panels/monitor_traffic_singlestat.json.jinja rename to salt/grafana/panels/monitor_interface_traffic_stat.json.jinja index 704095b7d..4d1c9dcc8 100644 --- a/salt/grafana/panels/monitor_traffic_singlestat.json.jinja +++ b/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja 
@@ -1,60 +1,51 @@ { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "format": "bps", - "gauge": {}, - "gridPos": { - "x": {{ PANELS.monitor_traffic_singlestat.gridPos.x }}, - "y": {{ PANELS.monitor_traffic_singlestat.gridPos.y }}, - "w": {{ PANELS.monitor_traffic_singlestat.gridPos.w }}, - "h": {{ PANELS.monitor_traffic_singlestat.gridPos.h }} - }, - "height": "150", - "id": 24, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0.5 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 3 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:645", + "id": 0, + "type": 1 + } + ], + "unit": "bps", + "decimals": 2, + "color": { + "mode": "thresholds" + } }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true + "overrides": [] }, - "tableColumn": "", + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_stat.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_stat.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_stat.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_stat.gridPos.h }} + }, + "id": 24, + "links": [], + "maxDataPoints": 100, "targets": 
[ { "dsType": "influxdb", @@ -118,20 +109,24 @@ ] } ], - "thresholds": ".5,3,5", - "title": "Monitor Traffic", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } + "title": "Monitor Traffic - $monint", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "interval": null, + "pluginVersion": "7.5.4" } diff --git a/salt/grafana/panels/old/io_wait_singlestat.json.jinja b/salt/grafana/panels/old/io_wait_singlestat.json.jinja deleted file mode 100644 index 3e35d0d02..000000000 --- a/salt/grafana/panels/old/io_wait_singlestat.json.jinja +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "x": {{ PANELS.io_wait_singlestat.gridPos.x }}, - "y": {{ PANELS.io_wait_singlestat.gridPos.y }}, - "w": {{ PANELS.io_wait_singlestat.gridPos.w }}, - "h": {{ PANELS.io_wait_singlestat.gridPos.h }} - }, - "height": "150", - "id": 61867, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - 
"key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": "30,40,50", - "title": "IOWait", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } -} diff --git a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja b/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja deleted file mode 100644 index 8b1ada6c8..000000000 --- a/salt/grafana/panels/pcap_packet_loss_singlestat.json.jinja +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "x": {{ PANELS.pcap_packet_loss_singlestat.gridPos.x }}, - "y": {{ PANELS.pcap_packet_loss_singlestat.gridPos.y }}, - "w": {{ PANELS.pcap_packet_loss_singlestat.gridPos.w }}, - "h": {{ PANELS.pcap_packet_loss_singlestat.gridPos.h }} - }, - "height": "150", - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": ".5,3,5", - "title": "PCAP Packet Loss", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], 
- "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } -} diff --git a/salt/grafana/panels/pcap_retention_singlestat.json.jinja b/salt/grafana/panels/pcap_retention_singlestat.json.jinja deleted file mode 100644 index 1d8a1ef89..000000000 --- a/salt/grafana/panels/pcap_retention_singlestat.json.jinja +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "colorValue": true, - "colors": [ - "rgba(255, 255, 255, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "x": {{ PANELS.pcap_retention_singlestat.gridPos.x }}, - "y": {{ PANELS.pcap_retention_singlestat.gridPos.y }}, - "w": {{ PANELS.pcap_retention_singlestat.gridPos.w }}, - "h": {{ PANELS.pcap_retention_singlestat.gridPos.h }} - }, - "height": "150", - "id": 26, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "postfix": " days", - "postfixFontSize": "50%", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "/86400" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ], - "orderByTime": "ASC" - } - ], - "thresholds": "", - "title": "PCAP Retention", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - 
"cacheTimeout": null, - "colorBackground": false, - "decimals": 2, - "error": false, - "interval": null, - "nullText": null, - "postfix": "", - "prefix": "", - "tableColumn": "" -} diff --git a/salt/grafana/panels/pcap_retention_stat.json.jinja b/salt/grafana/panels/pcap_retention_stat.json.jinja new file mode 100644 index 000000000..1fa39dec2 --- /dev/null +++ b/salt/grafana/panels/pcap_retention_stat.json.jinja 
@@ -0,0 +1,112 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:1382", + "id": 0, + "type": 1 + } + ], + "unit": "d", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.pcap_retention_stat.gridPos.x }}, + "y": {{ PANELS.pcap_retention_stat.gridPos.y }}, + "w": {{ PANELS.pcap_retention_stat.gridPos.w }}, + "h": {{ PANELS.pcap_retention_stat.gridPos.h }} + }, + "id": 26, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "pcapage", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "seconds" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "/86400" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "PCAP Retention", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "interval": null, + "pluginVersion": "7.5.4" +} diff --git a/salt/grafana/panels/redis_queue_stat.json.jinja b/salt/grafana/panels/redis_queue_stat.json.jinja new file mode 100644 index 000000000..631616e02 --- /dev/null +++ b/salt/grafana/panels/redis_queue_stat.json.jinja 
@@ -0,0 +1,94 @@ +{ + "type": "stat", + "title": "Redis Unparsed Queue", + "gridPos": { + "x": {{ PANELS.redis_queue_stat.gridPos.x }}, + "y": {{ PANELS.redis_queue_stat.gridPos.y }}, + "w": {{ PANELS.redis_queue_stat.gridPos.w }}, + "h": {{ PANELS.redis_queue_stat.gridPos.h }} + }, + "id": 68894, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "unparsed" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "redisqueue" + } + ], + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "mappings": [], + "color": { + "mode": "thresholds" + }, + "unit": "short" + }, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "datasource": "InfluxDB", + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja new file mode 100644 index 000000000..0a4770c4b --- /dev/null +++ b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja 
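Review bot: The `gridPos` block reads `PANELS.redis_queue_stat.gridPos.x/y/w/h`, but the `salt/grafana/defaults.yaml` hunks in this patch only rename existing keys and add no `redis_queue_stat` entry. If this template is rendered at this commit the lookup has nothing to resolve against, so the result would presumably be a render error or invalid JSON; the next patch's subject suggests the entry only arrives there. I would add the `redis_queue_stat` gridPos defaults in the same commit as the template. Note that the builder selects `mean` of `unparsed` while the reducer takes `last`, so the tile shows the latest per-interval average rather than the current queue depth; a sentence in the commit message saying that is intended would help.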
@@ -0,0 +1,114 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:1120", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.stenographer_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.stenographer_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.stenographer_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.stenographer_packet_loss_stat.gridPos.h }} + }, + "id": 22, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "stenodrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Stenographer Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "cacheTimeout": null, + "interval": null, + "pluginVersion": "7.5.4" +} diff --git a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja b/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja deleted file mode 100644 index fa68557e4..000000000 
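Review bot: The threshold steps at `1` and `5` are applied to an unscaled `last` of `drop`, while the suricata and zeek packet-loss panels in this patch apply a `"* 100"` math step before the same thresholds and the same `"unit": "percent"`. If `stenodrop`'s `drop` field is a fraction, as the other two appear to be, the amber and red steps would never be reached and capture loss would stay green. If it is already a percentage, a sentence in the commit message would settle it. The removed `pcap_packet_loss_singlestat` had the same unscaled select, but it set `"colorValue": false`, so colour now carries meaning it did not before. The new steps also differ from the old `".5,3,5"` string, which is worth mentioning in a commit described only as a conversion.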
--- a/salt/grafana/panels/suricata_packet_loss_singlestat.json.jinja +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "x": {{ PANELS.suricata_packet_loss_singlestat.gridPos.x }}, - "y": {{ PANELS.suricata_packet_loss_singlestat.gridPos.y }}, - "w": {{ PANELS.suricata_packet_loss_singlestat.gridPos.w }}, - "h": {{ PANELS.suricata_packet_loss_singlestat.gridPos.h }} - }, - "height": "150", - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": ".5,3,5", - "title": "Suricata Packet Loss", - "type": "singlestat", - "valueFontSize": "100%", - 
"valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } -} diff --git a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja new file mode 100644 index 000000000..cd17c1c36 --- /dev/null +++ b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja 
@@ -0,0 +1,120 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:949", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.suricata_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.suricata_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.suricata_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.suricata_packet_loss_stat.gridPos.h }} + }, + "id": 20, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "suridrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Suricata Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "cacheTimeout": null, + "interval": null +} diff --git a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja b/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja deleted file mode 100644 index 1b1fa2436..000000000 
--- a/salt/grafana/panels/zeek_packet_loss_singlestat.json.jinja +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 2, - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "x": {{ PANELS.zeek_packet_loss_singlestat.gridPos.x }}, - "y": {{ PANELS.zeek_packet_loss_singlestat.gridPos.y }}, - "w": {{ PANELS.zeek_packet_loss_singlestat.gridPos.w }}, - "h": {{ PANELS.zeek_packet_loss_singlestat.gridPos.h }} - }, - "height": "150", - "id": 2123, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": ".5,3,5", - "title": "Zeek Packet Loss", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { 
- "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } -} diff --git a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja new file mode 100644 index 000000000..e508485c7 --- /dev/null +++ b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja 
@@ -0,0 +1,120 @@ +{ + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "dark-red", + "value": 5 + } + ] + }, + "mappings": [ + { + "op": "=", + "text": "N/A", + "value": "null", + "$$hashKey": "object:818", + "id": 0, + "type": 1 + } + ], + "unit": "percent", + "decimals": 2, + "color": { + "mode": "thresholds" + } + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.zeek_packet_loss_stat.gridPos.x }}, + "y": {{ PANELS.zeek_packet_loss_stat.gridPos.y }}, + "w": {{ PANELS.zeek_packet_loss_stat.gridPos.w }}, + "h": {{ PANELS.zeek_packet_loss_stat.gridPos.h }} + }, + "id": 2123, + "links": [], + "maxDataPoints": 100, + "targets": [ + { + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "zeekdrop", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "drop" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + }, + { + "params": [ + "* 100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + } + ] + } + ], + "title": "Zeek Packet Loss", + "type": "stat", + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "last" + ], + "fields": "" + }, + "orientation": "horizontal", + "text": {}, + "textMode": "value", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, + "pluginVersion": "7.5.4", + "cacheTimeout": null, + "interval": null +} From 90f6bad6ce4c7736f7164dcafbd370a290a1eab6 Mon Sep 17 00:00:00 2001 
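Review bot: The value mapping under `fieldConfig.defaults.mappings` still carries `"$$hashKey": "object:818"`, which looks like a bookkeeping key left in by a UI export rather than a panel setting. I would drop that line so the template holds only configuration Grafana reads and a later re-export does not produce a spurious diff. Since this panel reports sensor packet loss, a one-line description of why the steps sit at `1` and `5` would also help whoever tunes it later.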
From: m0duspwnens Date: Tue, 20 Jul 2021 08:54:39 -0400 Subject: [PATCH 120/266] panel title change --- salt/grafana/panels/swap_usage_bytes_graph.json.jinja | 2 +- salt/grafana/panels/system_uptime.json.jinja | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja index 303095ef9..4986b72a5 100644 --- a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja +++ b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja @@ -1,6 +1,6 @@ { "type": "graph", - "title": "Swap Usage - bytes", + "title": "Swap Usage", "gridPos": { "x": {{ PANELS.swap_usage_bytes_graph.gridPos.x }}, "y": {{ PANELS.swap_usage_bytes_graph.gridPos.y }}, diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja index a90004ff8..fc2cb69ac 100644 --- a/salt/grafana/panels/system_uptime.json.jinja +++ b/salt/grafana/panels/system_uptime.json.jinja @@ -86,6 +86,6 @@ ], "timeFrom": null, "timeShift": null, - "title": "$servername - System Uptime", + "title": "System Uptime", "type": "stat" } From d8910a009775fd76767614c9865000d1ff3a9b8b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 09:22:43 -0400 Subject: [PATCH 121/266] add redis queue to overview, reposition overview panels --- salt/grafana/defaults.yaml | 92 ++++++++++++++++++++------------------ 1 file changed, 49 insertions(+), 43 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 89d56f1a2..fdb094836 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -53,78 +53,85 @@ grafana: y: 1 h: 4 w: 4 - zeek_packet_loss_stat: - gridPos: - x: 8 - y: 1 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 12 - y: 1 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 16 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - io_wait_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 + cpu_usage_guage: gridPos: x: 8 - y: 5 + y: 1 h: 4 w: 2 ram_usage_guage: gridPos: x: 10 - y: 5 + y: 1 h: 4 w: 2 swap_usage_guage: gridPos: x: 12 - y: 5 + y: 1 h: 4 w: 2 rootfs_used_guage: gridPos: x: 14 - y: 5 + y: 1 h: 4 w: 2 nsm_used_guage: gridPos: x: 16 - y: 5 + y: 1 h: 4 w: 2 pcap_retention_stat: gridPos: x: 18 - y: 5 + y: 1 h: 4 w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 row_cpu: gridPos: @@ -183,7 +190,6 @@ grafana: h: 8 w: 12 - row_network: gridPos: x: 0 From 458350e1a836f6efde6cac97137fd601b15980aa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 09:45:28 -0400 Subject: [PATCH 122/266] new redis queue stat panel, change to lastnotnull --- salt/grafana/panels/io_wait_stat.json.jinja | 2 +- .../logstash_estimated_eps_stat.json.jinja | 2 +- .../panels/pcap_retention_stat.json.jinja | 2 +- .../panels/redis_queue_stat.json.jinja | 143 +++++++++--------- .../stenographer_packet_loss_stat.json.jinja | 2 +- .../suricata_packet_loss_stat.json.jinja | 2 +- .../panels/zeek_packet_loss_stat.json.jinja | 2 +- 7 files changed, 78 insertions(+), 77 deletions(-) 
diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja index 5b816bdfd..baaf462d8 100644 --- a/salt/grafana/panels/io_wait_stat.json.jinja +++ b/salt/grafana/panels/io_wait_stat.json.jinja @@ -105,7 +105,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, diff --git a/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja index 49dc48a4a..c983521a4 100644 --- a/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja +++ b/salt/grafana/panels/logstash_estimated_eps_stat.json.jinja @@ -95,7 +95,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, diff --git a/salt/grafana/panels/pcap_retention_stat.json.jinja b/salt/grafana/panels/pcap_retention_stat.json.jinja index 1fa39dec2..29b81902d 100644 --- a/salt/grafana/panels/pcap_retention_stat.json.jinja +++ b/salt/grafana/panels/pcap_retention_stat.json.jinja @@ -95,7 +95,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, diff --git a/salt/grafana/panels/redis_queue_stat.json.jinja b/salt/grafana/panels/redis_queue_stat.json.jinja index 631616e02..b0b3d8946 100644 --- a/salt/grafana/panels/redis_queue_stat.json.jinja +++ b/salt/grafana/panels/redis_queue_stat.json.jinja 
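Review bot: Switching the reducer to `"lastNotNull"` hides the empty trailing bucket, but it also means the stat keeps showing the last value seen anywhere in the dashboard time range after a host stops reporting. That matters most for the packet-loss panels: a sensor whose telemetry has stopped would still display a healthy-looking number instead of N/A. The same one-line change is made in the logstash_estimated_eps, pcap_retention, stenographer_packet_loss, suricata_packet_loss and zeek_packet_loss hunks of this commit. Consider pairing it with a short per-panel window such as `"timeFrom": "5m"`, or a separate no-data alert, so stale readings age out.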
@@ -1,73 +1,5 @@ { - "type": "stat", - "title": "Redis Unparsed Queue", - "gridPos": { - "x": {{ PANELS.redis_queue_stat.gridPos.x }}, - "y": {{ PANELS.redis_queue_stat.gridPos.y }}, - "w": {{ PANELS.redis_queue_stat.gridPos.w }}, - "h": {{ PANELS.redis_queue_stat.gridPos.h }} - }, - "id": 68894, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "unparsed" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "measurement": "redisqueue" - } - ], - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "last" - ], - "fields": "" - }, - "orientation": "auto", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, + "datasource": "InfluxDB", "fieldConfig": { "defaults": { "thresholds": { 
@@ -87,8 +19,77 @@ }, "overrides": [] }, + "gridPos": { + "x": {{ PANELS.redis_queue_stat.gridPos.x }}, + "y": {{ PANELS.redis_queue_stat.gridPos.y }}, + "w": {{ PANELS.redis_queue_stat.gridPos.w }}, + "h": {{ PANELS.redis_queue_stat.gridPos.h }} + }, + "id": 68894, + "options": { + "reduceOptions": { + "values": false, + "calcs": [ + "lastNotNull" + ], + "fields": "" + }, + "orientation": "auto", + "text": {}, + "textMode": "auto", + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto" + }, "pluginVersion": "7.5.4", - "datasource": "InfluxDB", + "targets": [ + { + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "redisqueue", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "type": "field", + "params": [ + "unparsed" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + } + ] + } + ], + "title": "Redis Unparsed Queue", + "type": "stat", "timeFrom": null, - "timeShift": null + "timeShift": null, + "interval": "30s" } diff --git a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja index 0a4770c4b..863772fcd 100644 --- a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja @@ -97,7 +97,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, diff --git a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja index cd17c1c36..87a3f48e5 100644 --- a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja 
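Review bot: The rewritten target keeps `"queryType": "randomWalk"`, which appears to be a leftover from Grafana's test-data source and has no meaning for the `"datasource": "InfluxDB"` this panel now declares. I would remove that line; the Zeek packet-loss panel's target has no such key and sets `"dsType": "influxdb"` instead, so the two templates would then agree. This hunk also changes the selector from `mean` to `last` and adds `"interval": "30s"`, neither of which the commit subject mentions, so a line in the description would help reviewers.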
@@ -103,7 +103,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, diff --git a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja index e508485c7..9d43f5a76 100644 --- a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja @@ -103,7 +103,7 @@ "reduceOptions": { "values": false, "calcs": [ - "last" + "lastNotNull" ], "fields": "" }, From 258d303e7ffbfd9fb88ec0ce899b86187ef4883d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:43:00 -0400 Subject: [PATCH 123/266] change how dashboards are deployed --- .../dashboards/common_template.json.jinja | 6 +-- salt/grafana/defaults.yaml | 2 + salt/grafana/etc/dashboards/dashboard.yml | 48 +++---------------- salt/grafana/init.sls | 18 +++++-- 4 files changed, 25 insertions(+), 49 deletions(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index 2f77372dc..b3f51fd87 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -12,11 +12,11 @@ } ] }, - "description": "MY DASHBOARD DESCRIPTION", + "description": "Detailed {{nodeType}}", "editable": true, "gnetId": null, "graphTooltip": 0, - "id": 7, + "id": {{ ID }}, "iteration": 1625757047565, "links": [], "panels": [ @@ -53,7 +53,7 @@ ] }, "timezone": "browser", - "title": "MY DASHBOARD NAME - Standalone", + "title": "Detailed {{ nodeType }}", "uid": "{{ UID }}", "version": 1 } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index fdb094836..e145251e1 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -403,3 +403,5 @@ grafana: y: 158 h: 8 w: 24 + + \ No newline at end of file diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml index b00dadc04..3820527e8 100644 
--- a/salt/grafana/etc/dashboards/dashboard.yml +++ b/salt/grafana/etc/dashboards/dashboard.yml @@ -1,55 +1,19 @@ apiVersion: 1 providers: - -{%- if grains['role'] != 'so-eval' %} -- name: 'Manager' - folder: 'Manager' +- name: 'Detailed Dashboards' + folder: 'Detailed Dashboards' type: file disableDeletion: false editable: true allowUiUpdates: true options: - path: /etc/grafana/grafana_dashboards/manager -- name: 'Manager Search' - folder: 'Manager Search' + path: /etc/grafana/grafana_dashboards/detailed +- name: 'Overview Dashboards' + folder: 'Overview Dashboards' type: file disableDeletion: false editable: true allowUiUpdates: true options: - path: /etc/grafana/grafana_dashboards/managersearch -- name: 'Sensor Nodes' - folder: 'Sensor Nodes' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/sensor_nodes -- name: 'Search Nodes' - folder: 'Search Nodes' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/search_nodes -- name: 'Standalone' - folder: 'Standalone' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/standalone -{%- else %} -- name: 'Security Onion' - folder: 'Eval Mode' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/eval -{% endif %} + path: /etc/grafana/grafana_dashboards/overview diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 777b7ca6d..39f9d8f13 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
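Review bot: The new `Overview Dashboards` provider points at `/etc/grafana/grafana_dashboards/overview`, but nothing visible in this series creates or populates a matching directory; the later init.sls change adds only `grafana_dashboards/detailed`. If that path is missing when Grafana scans its providers, the provider will presumably log read errors and the folder will stay empty. Either add a `file.directory` state for `overview` next to the detailed one, or hold this provider back until the overview dashboards exist.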
@@ -10,6 +10,12 @@ {% import_yaml 'grafana/defaults.yaml' as default_settings %} {% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} +{% if grains.role == 'so-eval' %} + {% set nodeTypes = ['eval'] %} +{% else %} + {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} + {% set nodeTypes = ['standalone'] %} +{% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} @@ -114,18 +120,22 @@ grafana-config-files: - group: 939 - source: salt://grafana/etc/files - makedirs: True - + +{% for nodeType in nodeTypes %} common-standalone-dashboard: file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/standalone/common_standalone.json + - name: /opt/so/conf/grafana/grafana_dashboards/detailed/{{nodeType}}.json - user: 939 - group: 939 - template: jinja - source: salt://grafana/dashboards/common_template.json.jinja - defaults: UID: so_overview - PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards.standalone.templating.list}} + PANELS: {{GRAFANA_SETTINGS.dashboards.{{nodeType}}.panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards.{{nodeType}}.templating.list}} + NODETYPE: {{ nodeType | capitalize }} + ID: {{ loop.index }} +{% endfor %} so-grafana: docker_container.running: From 87ae14d11cdb8f21ba4be9118a8ee7cf2a3f79b1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:44:32 -0400 Subject: [PATCH 124/266] fix jinja --- salt/grafana/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 39f9d8f13..bc245eae1 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
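Review bot: The state ID `common-standalone-dashboard` and `UID: so_overview` stay constant inside the new `{% for nodeType in nodeTypes %}` loop, so the loop only works while `nodeTypes` has a single element. Once the commented-out list is enabled, Salt would see duplicate state IDs and every rendered dashboard would carry the same `uid`, even though `name` and `ID` already vary per node type. Deriving both from the loop variable avoids that, e.g. `{{ nodeType }}-dashboard:` and `UID: so_{{ nodeType }}`. The `file.managed` state this loop wraps begins before the second hunk's context.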
@@ -131,8 +131,8 @@ common-standalone-dashboard: - source: salt://grafana/dashboards/common_template.json.jinja - defaults: UID: so_overview - PANELS: {{GRAFANA_SETTINGS.dashboards.{{nodeType}}.panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards.{{nodeType}}.templating.list}} + PANELS: {{GRAFANA_SETTINGS.dashboards.nodeType.panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards.nodeType.templating.list}} NODETYPE: {{ nodeType | capitalize }} ID: {{ loop.index }} {% endfor %} From 3c4c52567dfb0c105d4a0cac5ba9ef1477098267 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:46:41 -0400 Subject: [PATCH 125/266] fix jinja --- salt/grafana/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index bc245eae1..bcf89d119 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -131,8 +131,8 @@ common-standalone-dashboard: - source: salt://grafana/dashboards/common_template.json.jinja - defaults: UID: so_overview - PANELS: {{GRAFANA_SETTINGS.dashboards.nodeType.panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards.nodeType.templating.list}} + PANELS: {{GRAFANA_SETTINGS.dashboards[nodeType].panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards[nodeType]templating.list}} NODETYPE: {{ nodeType | capitalize }} ID: {{ loop.index }} {% endfor %} From 1bed818a8ebc0b5848fabe6ce3d75323ae297f97 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:47:10 -0400 Subject: [PATCH 126/266] fix jinja --- salt/grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index bcf89d119..0de0c5125 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
@@ -132,7 +132,7 @@ common-standalone-dashboard: - defaults: UID: so_overview PANELS: {{GRAFANA_SETTINGS.dashboards[nodeType].panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards[nodeType]templating.list}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards[nodeType].templating.list}} NODETYPE: {{ nodeType | capitalize }} ID: {{ loop.index }} {% endfor %} From 24efdec9ea600d4502564d1fee6ffb579b8d60ee Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:48:46 -0400 Subject: [PATCH 127/266] cap the var --- salt/grafana/dashboards/common_template.json.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index b3f51fd87..9893a8852 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -12,7 +12,7 @@ } ] }, - "description": "Detailed {{nodeType}}", + "description": "Detailed {{NODETYPE}}", "editable": true, "gnetId": null, "graphTooltip": 0, @@ -53,7 +53,7 @@ ] }, "timezone": "browser", - "title": "Detailed {{ nodeType }}", + "title": "Detailed {{ NODETYPE }}", "uid": "{{ UID }}", "version": 1 } From d0b3cd5f66ff7ad9000479fd8c7f473d14fd0e73 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 10:50:40 -0400 Subject: [PATCH 128/266] add the detailed dash dir --- salt/grafana/init.sls | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 0de0c5125..3350b5b48 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
@@ -41,44 +41,9 @@ grafanadashdir: - group: 939 - makedirs: True -grafanadashmdir: +detailed-dash-dir: file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/manager - - user: 939 - - group: 939 - - makedirs: True - -grafanadashmsdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/managersearch - - user: 939 - - group: 939 - - makedirs: True - -grafanadashsadir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/standalone - - user: 939 - - group: 939 - - makedirs: True - -grafanadashevaldir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/eval - - user: 939 - - group: 939 - - makedirs: True - -grafanadashfndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes - - user: 939 - - group: 939 - - makedirs: True - -grafanadashsndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes + - name: /opt/so/conf/grafana/grafana_dashboards/detailed - user: 939 - group: 939 - makedirs: True From b0c5a352c17064d285cfb80547343a19d181c1a2 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 20 Jul 2021 10:53:47 -0400 Subject: [PATCH 129/266] remove old panaels --- .../panels/old/cpu_usage_idle.json.jinja | 212 ----- .../panels/old/cpu_usage_tasks.json.jinja | 741 ------------------ salt/grafana/panels/old/disk_io.json.jinja | 296 ------- .../panels/old/disk_used_nsm.json.jinja | 194 ----- .../panels/old/disk_used_root.json.jinja | 194 ----- .../old/elasticsearch_cpu_usage.json.jinja | 212 ----- .../elasticsearch_documents_count.json.jinja | 123 --- ...ticsearch_field_data_cache_size.json.jinja | 184 ----- .../old/elasticsearch_store_size.json.jinja | 188 ----- .../old/elasticsearch_thread_count.json.jinja | 185 ----- .../panels/old/estimated_eps.json.jinja | 185 ----- .../old/estimated_eps_singlestat.json.jinja | 120 --- .../panels/old/influxdb_cpu_usage.json.jinja | 209 ----- .../panels/old/influxdb_size.json.jinja | 184 ----- .../panels/old/influxdb_traffic.json.jinja | 345 -------- salt/grafana/panels/old/io_wait.json.jinja | 185 ----- .../panels/old/kibana_cpu_usage.json.jinja | 209 ----- .../panels/old/load_average.json.jinja | 466 ----------- .../panels/old/logstash_cpu_usage.json.jinja | 209 ----- .../panels/old/logstash_traffic.json.jinja | 344 -------- .../panels/old/management_traffic.json.jinja | 365 --------- .../old/memory_usage_current.json.jinja | 146 ---- .../grafana/panels/old/memory_used.json.jinja | 271 ------- .../panels/old/monitor_traffic.json.jinja | 236 ------ .../panels/old/pcap_packet_loss.json.jinja | 189 ----- .../panels/old/pcap_retention.json.jinja | 189 ----- .../panels/old/processes_states.json.jinja | 374 --------- .../panels/old/proxy_traffic.json.jinja | 344 -------- .../panels/old/redis_cpu_usage.json.jinja | 213 ----- .../panels/old/redis_memory_usage.json.jinja | 197 ----- .../grafana/panels/old/redis_queue.json.jinja | 185 ----- .../old/stenographer_cpu_usage.json.jinja | 213 ----- .../old/stenographer_memory_usage.json.jinja | 201 ----- .../panels/old/suricata_cpu_usage.json.jinja | 
212 ----- .../old/suricata_memory_usage.json.jinja | 200 ----- .../old/suricata_packet_loss.json.jinja | 200 ----- .../panels/old/total_threads.json.jinja | 192 ----- .../panels/old/zeek_capture_loss.json.jinja | 185 ----- .../panels/old/zeek_cpu_usage.json.jinja | 212 ----- .../panels/old/zeek_memory_usage.json.jinja | 200 ----- .../panels/old/zeek_packet_loss.json.jinja | 201 ----- .../old/zeek_restarts_healthcheck.json.jinja | 93 --- 42 files changed, 9803 deletions(-) delete mode 100644 salt/grafana/panels/old/cpu_usage_idle.json.jinja delete mode 100644 salt/grafana/panels/old/cpu_usage_tasks.json.jinja delete mode 100644 salt/grafana/panels/old/disk_io.json.jinja delete mode 100644 salt/grafana/panels/old/disk_used_nsm.json.jinja delete mode 100644 salt/grafana/panels/old/disk_used_root.json.jinja delete mode 100644 salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/elasticsearch_documents_count.json.jinja delete mode 100644 salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja delete mode 100644 salt/grafana/panels/old/elasticsearch_store_size.json.jinja delete mode 100644 salt/grafana/panels/old/elasticsearch_thread_count.json.jinja delete mode 100644 salt/grafana/panels/old/estimated_eps.json.jinja delete mode 100644 salt/grafana/panels/old/estimated_eps_singlestat.json.jinja delete mode 100644 salt/grafana/panels/old/influxdb_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/influxdb_size.json.jinja delete mode 100644 salt/grafana/panels/old/influxdb_traffic.json.jinja delete mode 100644 salt/grafana/panels/old/io_wait.json.jinja delete mode 100644 salt/grafana/panels/old/kibana_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/load_average.json.jinja delete mode 100644 salt/grafana/panels/old/logstash_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/logstash_traffic.json.jinja delete mode 100644 
salt/grafana/panels/old/management_traffic.json.jinja delete mode 100644 salt/grafana/panels/old/memory_usage_current.json.jinja delete mode 100644 salt/grafana/panels/old/memory_used.json.jinja delete mode 100644 salt/grafana/panels/old/monitor_traffic.json.jinja delete mode 100644 salt/grafana/panels/old/pcap_packet_loss.json.jinja delete mode 100644 salt/grafana/panels/old/pcap_retention.json.jinja delete mode 100644 salt/grafana/panels/old/processes_states.json.jinja delete mode 100644 salt/grafana/panels/old/proxy_traffic.json.jinja delete mode 100644 salt/grafana/panels/old/redis_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/redis_memory_usage.json.jinja delete mode 100644 salt/grafana/panels/old/redis_queue.json.jinja delete mode 100644 salt/grafana/panels/old/stenographer_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/stenographer_memory_usage.json.jinja delete mode 100644 salt/grafana/panels/old/suricata_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/suricata_memory_usage.json.jinja delete mode 100644 salt/grafana/panels/old/suricata_packet_loss.json.jinja delete mode 100644 salt/grafana/panels/old/total_threads.json.jinja delete mode 100644 salt/grafana/panels/old/zeek_capture_loss.json.jinja delete mode 100644 salt/grafana/panels/old/zeek_cpu_usage.json.jinja delete mode 100644 salt/grafana/panels/old/zeek_memory_usage.json.jinja delete mode 100644 salt/grafana/panels/old/zeek_packet_loss.json.jinja delete mode 100644 salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja diff --git a/salt/grafana/panels/old/cpu_usage_idle.json.jinja b/salt/grafana/panels/old/cpu_usage_idle.json.jinja deleted file mode 100644 index e786fe786..000000000 --- a/salt/grafana/panels/old/cpu_usage_idle.json.jinja +++ /dev/null 
@@ -1,212 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/cpu_usage_tasks.json.jinja b/salt/grafana/panels/old/cpu_usage_tasks.json.jinja deleted file mode 100644 index 85909264f..000000000 --- a/salt/grafana/panels/old/cpu_usage_tasks.json.jinja +++ /dev/null 
@@ -1,741 +0,0 @@ -{ - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "dashLength": 10, - "datasource": "InfluxDB", - "editable": true, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 10 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 5, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - 
"orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - 
"type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - 
"type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "I", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" 
- } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '$servername' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeRegions": [], - "title": "$servername - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "dashes": false, - "error": false, - "fillGradient": 0, - "hiddenSeries": false, - "percentage": false, - "points": false, - "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/old/disk_io.json.jinja b/salt/grafana/panels/old/disk_io.json.jinja deleted file mode 100644 index 9aedaceb9..000000000 --- a/salt/grafana/panels/old/disk_io.json.jinja +++ /dev/null 
@@ -1,296 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 35 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Write Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - 
"params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Read Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Write Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } -} diff --git a/salt/grafana/panels/old/disk_used_nsm.json.jinja b/salt/grafana/panels/old/disk_used_nsm.json.jinja deleted file mode 100644 index 495ad69ff..000000000 --- a/salt/grafana/panels/old/disk_used_nsm.json.jinja +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, 
- { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/disk_used_root.json.jinja b/salt/grafana/panels/old/disk_used_root.json.jinja deleted file mode 100644 index 0743382f2..000000000 --- a/salt/grafana/panels/old/disk_used_root.json.jinja +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { 
- "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja b/salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja deleted file mode 100644 index 50554961b..000000000 --- a/salt/grafana/panels/old/elasticsearch_cpu_usage.json.jinja +++ /dev/null 
@@ -1,212 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/elasticsearch_documents_count.json.jinja b/salt/grafana/panels/old/elasticsearch_documents_count.json.jinja deleted file mode 100644 index d34af37b7..000000000 --- a/salt/grafana/panels/old/elasticsearch_documents_count.json.jinja +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 40 - }, - "id": 33, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": "", - "title": "$servername - ES Documents", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" -} 
diff --git a/salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja b/salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja deleted file mode 100644 index a9b6b9473..000000000 --- a/salt/grafana/panels/old/elasticsearch_field_data_cache_size.json.jinja +++ /dev/null 
@@ -1,184 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 40 - }, - "hiddenSeries": false, - "id": 63, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - 
} - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/elasticsearch_store_size.json.jinja b/salt/grafana/panels/old/elasticsearch_store_size.json.jinja deleted file mode 100644 index b98e1bb18..000000000 --- a/salt/grafana/panels/old/elasticsearch_store_size.json.jinja +++ /dev/null 
@@ -1,188 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - 
{ - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/elasticsearch_thread_count.json.jinja b/salt/grafana/panels/old/elasticsearch_thread_count.json.jinja deleted file mode 100644 index c825c83d0..000000000 --- a/salt/grafana/panels/old/elasticsearch_thread_count.json.jinja +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 40 - }, - "hiddenSeries": false, - "id": 65, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Count Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/estimated_eps.json.jinja b/salt/grafana/panels/old/estimated_eps.json.jinja deleted file mode 100644 index 9c0310f20..000000000 --- a/salt/grafana/panels/old/estimated_eps.json.jinja +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 35 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": false - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "EPS Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - 
} - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Estimated EPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/estimated_eps_singlestat.json.jinja b/salt/grafana/panels/old/estimated_eps_singlestat.json.jinja deleted file mode 100644 index e2dee3398..000000000 --- a/salt/grafana/panels/old/estimated_eps_singlestat.json.jinja +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "decimals": 0, - "editable": true, - "error": false, - "format": "short", - "gauge": {}, - "gridPos": { - "x": {{ PANELS.estimated_eps_singlestat.gridPos.x }}, - "y": {{ PANELS.estimated_eps_singlestat.gridPos.y }}, - "w": {{ PANELS.estimated_eps_singlestat.gridPos.w }}, - "h": {{ PANELS.estimated_eps_singlestat.gridPos.h }} - }, - "height": "150", - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": "", - "title": "Estimated EPS", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "fieldConfig": { - "defaults": {}, - "overrides": [] - } -} 
diff --git a/salt/grafana/panels/old/influxdb_cpu_usage.json.jinja b/salt/grafana/panels/old/influxdb_cpu_usage.json.jinja
deleted file mode 100644
index dcba7d62d..000000000
--- a/salt/grafana/panels/old/influxdb_cpu_usage.json.jinja
+++ /dev/null
@@ -1,209 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, 
- { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/influxdb_size.json.jinja b/salt/grafana/panels/old/influxdb_size.json.jinja deleted file mode 100644 index dbf7ebc5c..000000000 --- a/salt/grafana/panels/old/influxdb_size.json.jinja +++ /dev/null 
@@ -1,184 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 30 - }, - "hiddenSeries": false, - "id": 69, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "$servername - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/influxdb_traffic.json.jinja b/salt/grafana/panels/old/influxdb_traffic.json.jinja deleted file mode 100644 index 758cb0692..000000000 --- a/salt/grafana/panels/old/influxdb_traffic.json.jinja +++ /dev/null 
@@ -1,345 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 25 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - InfluxDB Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/io_wait.json.jinja b/salt/grafana/panels/old/io_wait.json.jinja deleted file mode 100644 index e06013bd7..000000000 --- a/salt/grafana/panels/old/io_wait.json.jinja +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Wait Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": 
[], - "timeShift": null, - "title": "$servername - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/kibana_cpu_usage.json.jinja b/salt/grafana/panels/old/kibana_cpu_usage.json.jinja deleted file mode 100644 index 645530d23..000000000 --- a/salt/grafana/panels/old/kibana_cpu_usage.json.jinja +++ /dev/null 
@@ -1,209 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, 
- { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/load_average.json.jinja b/salt/grafana/panels/old/load_average.json.jinja deleted file mode 100644 index 203cce76e..000000000 --- a/salt/grafana/panels/old/load_average.json.jinja +++ /dev/null 
@@ -1,466 +0,0 @@ -{ - "aliasColors": { - "#cpu": "green", - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 15 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - }, - { - "alias": "#cpu Current", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ 
- { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - 
], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/logstash_cpu_usage.json.jinja b/salt/grafana/panels/old/logstash_cpu_usage.json.jinja deleted file mode 100644 index 8fa3f528b..000000000 --- a/salt/grafana/panels/old/logstash_cpu_usage.json.jinja +++ /dev/null 
@@ -1,209 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - 
}, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/logstash_traffic.json.jinja b/salt/grafana/panels/old/logstash_traffic.json.jinja deleted file mode 100644 index e03009aa1..000000000 --- a/salt/grafana/panels/old/logstash_traffic.json.jinja +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - 
"params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Logstash Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/management_traffic.json.jinja b/salt/grafana/panels/old/management_traffic.json.jinja deleted file mode 100644 index 147ddf1ec..000000000 --- a/salt/grafana/panels/old/management_traffic.json.jinja +++ /dev/null 
@@ -1,365 +0,0 @@ -{ - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "super-light-blue" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": 
"interface", - "operator": "=", - "value": "$manint" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "$manint" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": 
"$manint" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$manint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "$manint" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/memory_usage_current.json.jinja b/salt/grafana/panels/old/memory_usage_current.json.jinja deleted file mode 100644 index 7fce708ba..000000000 --- a/salt/grafana/panels/old/memory_usage_current.json.jinja +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "x": {{ PANELS.memory_usage_current.gridPos.x }}, - "y": {{ PANELS.memory_usage_current.gridPos.y }}, - "w": {{ PANELS.memory_usage_current.gridPos.w }}, - "h": {{ PANELS.memory_usage_current.gridPos.h }} - }, - "height": "400", - "id": 12054, - "interval": "$inter", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/total/", - "color": "#BF1B00", - "fill": 0, - "linewidth": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "mem_inactive", - "policy": "default", - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "msResolution": false, - 
"shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "hiddenSeries": false -} diff --git a/salt/grafana/panels/old/memory_used.json.jinja b/salt/grafana/panels/old/memory_used.json.jinja deleted file mode 100644 index 04ff62c20..000000000 --- a/salt/grafana/panels/old/memory_used.json.jinja +++ /dev/null 
@@ -1,271 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 67, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" 
- }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/monitor_traffic.json.jinja b/salt/grafana/panels/old/monitor_traffic.json.jinja deleted file mode 100644 index 95adf6f75..000000000 --- a/salt/grafana/panels/old/monitor_traffic.json.jinja +++ /dev/null 
@@ -1,236 +0,0 @@ -{ - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "light-orange" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$monint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "interface", - 
"operator": "=", - "value": "$monint" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '$monint' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "$monint" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/pcap_packet_loss.json.jinja b/salt/grafana/panels/old/pcap_packet_loss.json.jinja deleted file mode 100644 index 0e87fff60..000000000 --- a/salt/grafana/panels/old/pcap_packet_loss.json.jinja +++ /dev/null 
@@ -1,189 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": 
"$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/pcap_retention.json.jinja b/salt/grafana/panels/old/pcap_retention.json.jinja deleted file mode 100644 index 6842c8a3c..000000000 --- a/salt/grafana/panels/old/pcap_retention.json.jinja +++ /dev/null 
@@ -1,189 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "hiddenSeries": false, - "id": 2201, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": 
"=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - PCAP Retention", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/processes_states.json.jinja b/salt/grafana/panels/old/processes_states.json.jinja deleted file mode 100644 index a8aa1970a..000000000 --- a/salt/grafana/panels/old/processes_states.json.jinja +++ /dev/null 
@@ -1,374 +0,0 @@ -{ - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "dashLength": 10, - "datasource": "InfluxDB", - "editable": true, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 5, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "targets": [ - { - "alias": "Blocked Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Running Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Sleep Current", - "dsType": "influxdb", - 
"groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Blocked Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Running Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Sleep Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_sleeping" - ], - "type": 
"field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeRegions": [], - "title": "$servername - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "dashes": false, - "error": false, - "fillGradient": 0, - "hiddenSeries": false, - "linewidth": 0, - "percentage": false, - "points": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/old/proxy_traffic.json.jinja b/salt/grafana/panels/old/proxy_traffic.json.jinja deleted file mode 100644 index 6812b9c57..000000000 --- a/salt/grafana/panels/old/proxy_traffic.json.jinja +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 30 - }, - "hiddenSeries": false, - "id": 51, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - 
"params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Proxy Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/redis_cpu_usage.json.jinja b/salt/grafana/panels/old/redis_cpu_usage.json.jinja deleted file mode 100644 index 41035f438..000000000 --- a/salt/grafana/panels/old/redis_cpu_usage.json.jinja +++ /dev/null 
@@ -1,213 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 35 - }, - "hiddenSeries": false, - "id": 59, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/ $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, 
- "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") / $cpucount FROM \"docker_container_cpu\" WHERE (\"host\" = '$servername' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/ $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/redis_memory_usage.json.jinja b/salt/grafana/panels/old/redis_memory_usage.json.jinja deleted file mode 100644 index 4234414bc..000000000 --- a/salt/grafana/panels/old/redis_memory_usage.json.jinja +++ /dev/null 
@@ -1,197 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 35 - }, - "hiddenSeries": false, - "id": 61, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": 
"host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/redis_queue.json.jinja b/salt/grafana/panels/old/redis_queue.json.jinja deleted file mode 100644 index 4a9b41e85..000000000 --- a/salt/grafana/panels/old/redis_queue.json.jinja +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 30 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/stenographer_cpu_usage.json.jinja b/salt/grafana/panels/old/stenographer_cpu_usage.json.jinja deleted file mode 100644 index 8dd10599f..000000000 --- a/salt/grafana/panels/old/stenographer_cpu_usage.json.jinja +++ /dev/null 
@@ -1,213 +0,0 @@ -{ - "aliasColors": {}, - "dashLength": 10, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 2, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } 
- ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeRegions": [], - "title": "$servername - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "cacheTimeout": null, - "dashes": false, - "fillGradient": 0, - "hiddenSeries": false, - "percentage": false, - "points": false, - "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/old/stenographer_memory_usage.json.jinja b/salt/grafana/panels/old/stenographer_memory_usage.json.jinja deleted file mode 100644 index 09e5385b0..000000000 --- a/salt/grafana/panels/old/stenographer_memory_usage.json.jinja +++ /dev/null 
@@ -1,201 +0,0 @@ -{ - "aliasColors": {}, - "dashLength": 10, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 2, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": 
"container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeRegions": [], - "title": "$servername - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "cacheTimeout": null, - "dashes": false, - "fillGradient": 0, - "hiddenSeries": false, - "percentage": false, - "points": false, - "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/old/suricata_cpu_usage.json.jinja b/salt/grafana/panels/old/suricata_cpu_usage.json.jinja deleted file mode 100644 index 2021c57e7..000000000 --- a/salt/grafana/panels/old/suricata_cpu_usage.json.jinja +++ /dev/null 
@@ -1,212 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/suricata_memory_usage.json.jinja b/salt/grafana/panels/old/suricata_memory_usage.json.jinja deleted file mode 100644 index 1a692ec5d..000000000 --- a/salt/grafana/panels/old/suricata_memory_usage.json.jinja +++ /dev/null 
@@ -1,200 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": 
"field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/suricata_packet_loss.json.jinja b/salt/grafana/panels/old/suricata_packet_loss.json.jinja deleted file mode 100644 index 155fb1204..000000000 --- a/salt/grafana/panels/old/suricata_packet_loss.json.jinja +++ /dev/null 
@@ -1,200 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 2125, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - 
"* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/total_threads.json.jinja b/salt/grafana/panels/old/total_threads.json.jinja deleted file mode 100644 index dd8ebb231..000000000 --- a/salt/grafana/panels/old/total_threads.json.jinja +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - 
], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/zeek_capture_loss.json.jinja b/salt/grafana/panels/old/zeek_capture_loss.json.jinja deleted file mode 100644 index c75a8e5d9..000000000 --- a/salt/grafana/panels/old/zeek_capture_loss.json.jinja +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 25 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "$servername - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/zeek_cpu_usage.json.jinja b/salt/grafana/panels/old/zeek_cpu_usage.json.jinja deleted file mode 100644 index e7dfede68..000000000 --- a/salt/grafana/panels/old/zeek_cpu_usage.json.jinja +++ /dev/null 
@@ -1,212 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / $cpucount " - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/zeek_memory_usage.json.jinja b/salt/grafana/panels/old/zeek_memory_usage.json.jinja deleted file mode 100644 index 502038d26..000000000 --- a/salt/grafana/panels/old/zeek_memory_usage.json.jinja +++ /dev/null 
@@ -1,200 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 20 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": 
"field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/zeek_packet_loss.json.jinja b/salt/grafana/panels/old/zeek_packet_loss.json.jinja deleted file mode 100644 index 9714c7eba..000000000 --- a/salt/grafana/panels/old/zeek_packet_loss.json.jinja +++ /dev/null 
@@ -1,201 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 25 - }, - "hiddenSeries": false, - "id": 2202, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - 
"* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "$servername - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja b/salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja deleted file mode 100644 index f609292e6..000000000 --- a/salt/grafana/panels/old/zeek_restarts_healthcheck.json.jinja +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "id": 37, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "sum" - ], - "fields": "" - }, - "orientation": "auto", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" -} From d01ac55db15615c86756b19e7aa5395cd12a1cd7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 13:55:18 -0400 Subject: [PATCH 130/266] add heavynode --- salt/grafana/defaults.yaml | 337 ++++++++++++++++++++++++++++++++++++- 1 file changed, 336 insertions(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index e145251e1..9f1b1a9f8 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -53,7 +53,6 @@ grafana: y: 1 h: 4 w: 4 - cpu_usage_guage: gridPos: x: 8 
@@ -404,4 +403,340 @@ grafana: h: 8 w: 24 + + heavynode: + templating: + list: + - servername + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 
+ w: 12 + monitor_traffic_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_logstash: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + + row_redis: + gridPos: + x: 0 + y: 104 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 105 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 113 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 114 + h: 8 + w: 10 + zeek_capture_loss_graph: + gridPos: + x: 10 + y: 114 + h: 8 + w: 10 + zeek_restarts_healthcheck_stat: + gridPos: + x: 20 + y: 114 + h: 8 + w: 4 + + row_suricata: + gridPos: + x: 0 + y: 122 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 123 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 131 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 132 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 132 + h: 8 + w: 8 + + \ No newline at end of file From 4bb350d37dad0e3cb744a8467e890cde43041103 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 13:55:52 -0400 Subject: [PATCH 131/266] add heavynode --- salt/grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 3350b5b48..627a64961 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
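Review bot: The new `heavynode` layout hard-codes an absolute `gridPos` for every panel and repeats the coordinates the `standalone` layout already uses for the shared rows (for example `row_logstash` at `y: 95` in both), so inserting a row means renumbering `y` by hand in two blocks. PATCH 136 further down this page has to shift the same offsets in both layouts. Consider computing `y` from panel order in the dashboard template, or at least recording the convention above the block with a comment such as `# y = previous panel's y + h; keep standalone and heavynode in step`. The hunk also leaves `defaults.yaml` without a trailing newline, which is worth fixing while the block is new.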
@@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone'] %} + {% set nodeTypes = ['standalone', 'heavynode'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} From 6038ebb70597fb99b929e61cce60fd232ae14756 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 14:04:28 -0400 Subject: [PATCH 132/266] handle multile nodetpes and uid --- salt/grafana/dashboards/common_template.json.jinja | 2 ++ salt/grafana/init.sls | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index 9893a8852..6490d7946 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -54,6 +54,8 @@ }, "timezone": "browser", "title": "Detailed {{ NODETYPE }}", + {% if grains.role in 'so-standalone' %} "uid": "{{ UID }}", + {% endif %} "version": 1 } diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 627a64961..f4dab1a56 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -87,7 +87,7 @@ grafana-config-files: - makedirs: True {% for nodeType in nodeTypes %} -common-standalone-dashboard: +detailed-{{nodeType}}-dashboard: file.managed: - name: /opt/so/conf/grafana/grafana_dashboards/detailed/{{nodeType}}.json - user: 939 From 608d5d3c260202b2352da47eed3ed7fcf3e00248 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 14:10:26 -0400 Subject: [PATCH 133/266] change uid logic --- salt/grafana/dashboards/common_template.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index 6490d7946..2ce023781 100644 
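Review bot: In the `common_template.json.jinja` hunk, `{% if grains.role in 'so-standalone' %}` is a substring test rather than an equality test: with a string on the right-hand side, Jinja's `in` is true for any value that occurs inside `'so-standalone'`, including an empty string. The follow-up hunk in PATCH 133 swaps the left operand but keeps the operator (`{% if NODETYPE | lower in 'standalone' %}`), so the same applies there. Use `==` so that only the intended node type is given the fixed `uid`, for example `{% if NODETYPE | lower == 'standalone' %}`. The surrounding JSON object starts and ends outside the hunk, so it is worth rendering the template for each entry in `nodeTypes` and confirming that the output still parses when the `uid` line is omitted.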
--- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -54,7 +54,7 @@ }, "timezone": "browser", "title": "Detailed {{ NODETYPE }}", - {% if grains.role in 'so-standalone' %} + {% if NODETYPE | lower in 'standalone' %} "uid": "{{ UID }}", {% endif %} "version": 1 From 852b686d817ed80f2f1646075c9e3cf5fa9204bc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 14:25:56 -0400 Subject: [PATCH 134/266] add servername vars for each role --- salt/grafana/defaults.yaml | 4 ++-- .../templates/servername_heavynode.json | 24 +++++++++++++++++++ ...ername.json => servername_standalone.json} | 0 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 salt/grafana/templates/servername_heavynode.json rename salt/grafana/templates/{servername.json => servername_standalone.json} (100%) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 9f1b1a9f8..90808557f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -28,7 +28,7 @@ grafana: standalone: templating: list: - - servername + - servername_standalone - containers - manint - monint @@ -407,7 +407,7 @@ grafana: heavynode: templating: list: - - servername + - servername_heavynode - containers - manint - monint diff --git a/salt/grafana/templates/servername_heavynode.json b/salt/grafana/templates/servername_heavynode.json new file mode 100644 index 000000000..2d1486038 --- /dev/null +++ b/salt/grafana/templates/servername_heavynode.json 
@@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername_standalone.json similarity index 100% rename from salt/grafana/templates/servername.json rename to salt/grafana/templates/servername_standalone.json From a405ca39fa4d0c565e2b794e6894996680707992 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 14:31:09 -0400 Subject: [PATCH 135/266] add redis.sh for telegraf on heavynodes --- salt/telegraf/etc/telegraf.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 147ffc480..d8620a082 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -736,6 +736,7 @@ {% elif grains['role'] == 'so-heavynode' %} [[inputs.exec]] commands = [ + "/scripts/redis.sh", "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", From 1bb92f63d15783bd54d8779398ba609fa6264675 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 15:21:59 -0400 Subject: [PATCH 136/266] add docker details --- salt/grafana/defaults.yaml | 152 +++++++++++++++++++++++++++++-------- 1 file changed, 119 insertions(+), 33 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 90808557f..6fcb7568a 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -276,130 +276,173 @@ grafana: h: 8 w: 8 - row_logstash: + row_docker_details: gridPos: x: 0 y: 95 h: 1 w: 24 - logstash_estimated_eps_graph: + cpu_docker_combined_current_graph: gridPos: x: 0 y: 96 h: 8 w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + + row_logstash: + gridPos: + x: 0 + y: 144 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 145 + h: 8 + w: 24 row_elasticsearch: gridPos: x: 0 - y: 104 + y: 153 h: 1 w: 24 elasticsearch_document_count_graph: gridPos: x: 0 - y: 105 + y: 154 h: 8 w: 12 elasticsearch_thread_count_graph: gridPos: x: 12 - y: 105 + y: 154 h: 8 w: 12 elasticsearch_store_size_graph: gridPos: x: 0 - y: 113 + y: 162 h: 8 w: 12 elasticsearch_field_data_cache_size_graph: gridPos: x: 12 - y: 113 + y: 162 h: 8 w: 12 row_redis: gridPos: x: 0 - y: 121 + y: 170 h: 1 w: 24 redis_queue_graph: gridPos: x: 0 - y: 122 + y: 171 h: 8 w: 24 row_zeek: gridPos: x: 0 - y: 130 + y: 179 h: 1 w: 24 zeek_packet_loss_graph: gridPos: x: 0 - y: 131 + y: 180 h: 8 w: 10 zeek_capture_loss_graph: gridPos: x: 10 - y: 131 + y: 180 h: 8 w: 10 zeek_restarts_healthcheck_stat: gridPos: x: 20 - y: 131 + y: 180 h: 8 w: 4 row_suricata: gridPos: x: 0 - y: 139 + y: 188 h: 1 w: 24 suricata_packet_loss_graph: gridPos: x: 0 - y: 140 + y: 189 h: 8 w: 24 row_stenographer: gridPos: x: 0 - y: 148 + y: 197 h: 1 w: 24 stenographer_packet_loss_graph: gridPos: x: 0 - y: 149 + y: 198 h: 8 w: 16 stenographer_pcap_retention_graph: gridPos: x: 16 - y: 149 + y: 198 h: 8 w: 8 row_influxdb: gridPos: x: 0 - y: 157 + y: 206 h: 1 w: 24 influxdb_db_size_graph: gridPos: x: 0 - y: 158 + y: 207 h: 8 w: 24 
@@ -655,86 +698,129 @@ grafana: h: 8 w: 8 - row_logstash: + row_docker_details: gridPos: x: 0 y: 95 h: 1 w: 24 - logstash_estimated_eps_graph: + cpu_docker_combined_current_graph: gridPos: x: 0 y: 96 h: 8 w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + + row_logstash: + gridPos: + x: 0 + y: 144 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 145 + h: 8 + w: 24 row_redis: gridPos: x: 0 - y: 104 + y: 153 h: 1 w: 24 redis_queue_graph: gridPos: x: 0 - y: 105 + y: 154 h: 8 w: 24 row_zeek: gridPos: x: 0 - y: 113 + y: 162 h: 1 w: 24 zeek_packet_loss_graph: gridPos: x: 0 - y: 114 + y: 163 h: 8 w: 10 zeek_capture_loss_graph: gridPos: x: 10 - y: 114 + y: 163 h: 8 w: 10 zeek_restarts_healthcheck_stat: gridPos: x: 20 - y: 114 + y: 163 h: 8 w: 4 row_suricata: gridPos: x: 0 - y: 122 + y: 171 h: 1 w: 24 suricata_packet_loss_graph: gridPos: x: 0 - y: 123 + y: 172 h: 8 w: 24 row_stenographer: gridPos: x: 0 - y: 131 + y: 180 h: 1 w: 24 stenographer_packet_loss_graph: gridPos: x: 0 - y: 132 + y: 181 h: 8 w: 16 stenographer_pcap_retention_graph: gridPos: x: 16 - y: 132 + y: 181 h: 8 w: 8 From af60ddf404e3338a2b87fe3d74c222758c1259d2 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 20 Jul 2021 16:28:07 -0400 Subject: [PATCH 137/266] add docker container uptime graph --- salt/grafana/defaults.yaml | 90 ++++++---- ...e_docker_combined_current_graph.json.jinja | 161 ++++++++++++++++++ ...ime_docker_combined_trend_graph.json.jinja | 159 +++++++++++++++++ 3 files changed, 377 insertions(+), 33 deletions(-) create mode 100644 salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja create mode 100644 salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 6fcb7568a..f68f16ae0 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -318,131 +318,143 @@ grafana: y: 136 h: 8 w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 row_logstash: gridPos: x: 0 - y: 144 + y: 152 h: 1 w: 24 logstash_estimated_eps_graph: gridPos: x: 0 - y: 145 + y: 153 h: 8 w: 24 row_elasticsearch: gridPos: x: 0 - y: 153 + y: 161 h: 1 w: 24 elasticsearch_document_count_graph: gridPos: x: 0 - y: 154 + y: 162 h: 8 w: 12 elasticsearch_thread_count_graph: gridPos: x: 12 - y: 154 + y: 162 h: 8 w: 12 elasticsearch_store_size_graph: gridPos: x: 0 - y: 162 + y: 170 h: 8 w: 12 elasticsearch_field_data_cache_size_graph: gridPos: x: 12 - y: 162 + y: 170 h: 8 w: 12 row_redis: gridPos: x: 0 - y: 170 + y: 178 h: 1 w: 24 redis_queue_graph: gridPos: x: 0 - y: 171 + y: 179 h: 8 w: 24 row_zeek: gridPos: x: 0 - y: 179 + y: 187 h: 1 w: 24 zeek_packet_loss_graph: gridPos: x: 0 - y: 180 + y: 188 h: 8 w: 10 zeek_capture_loss_graph: gridPos: x: 10 - y: 180 + y: 188 h: 8 w: 10 zeek_restarts_healthcheck_stat: gridPos: x: 20 - y: 180 + y: 188 h: 8 w: 4 row_suricata: gridPos: x: 0 - y: 188 + y: 196 h: 1 w: 24 suricata_packet_loss_graph: gridPos: x: 0 - y: 189 + y: 197 h: 8 w: 24 row_stenographer: gridPos: x: 0 - y: 197 + y: 205 h: 1 w: 24 stenographer_packet_loss_graph: gridPos: x: 0 - y: 198 + y: 206 h: 8 w: 16 stenographer_pcap_retention_graph: gridPos: x: 16 - y: 198 + y: 206 h: 8 w: 8 row_influxdb: gridPos: x: 0 - y: 206 + y: 214 h: 1 w: 24 influxdb_db_size_graph: gridPos: x: 0 - y: 207 + y: 214 h: 8 w: 24 
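Review bot: At the end of this hunk `row_influxdb` moves to `y: 214`, but `influxdb_db_size_graph` is also set to `y: 214`, so the row header and its graph claim the same grid row. Before the change they were 206 and 207, and every other row/graph pair in the hunk keeps that one-row offset, so the graph should read `y: 215`. Grafana may re-pack overlapping panels when the dashboard loads, so this may not be visible, but the defaults should stay self-consistent. The same 214/214 pair appears again in the added lines of the PATCH 144 `defaults.yaml` hunk.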
@@ -740,87 +752,99 @@ grafana: y: 136 h: 8 w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 row_logstash: gridPos: x: 0 - y: 144 + y: 152 h: 1 w: 24 logstash_estimated_eps_graph: gridPos: x: 0 - y: 145 + y: 153 h: 8 w: 24 row_redis: gridPos: x: 0 - y: 153 + y: 161 h: 1 w: 24 redis_queue_graph: gridPos: x: 0 - y: 154 + y: 162 h: 8 w: 24 row_zeek: gridPos: x: 0 - y: 162 + y: 170 h: 1 w: 24 zeek_packet_loss_graph: gridPos: x: 0 - y: 163 + y: 171 h: 8 w: 10 zeek_capture_loss_graph: gridPos: x: 10 - y: 163 + y: 171 h: 8 w: 10 zeek_restarts_healthcheck_stat: gridPos: x: 20 - y: 163 + y: 171 h: 8 w: 4 row_suricata: gridPos: x: 0 - y: 171 + y: 179 h: 1 w: 24 suricata_packet_loss_graph: gridPos: x: 0 - y: 172 + y: 180 h: 8 w: 24 row_stenographer: gridPos: x: 0 - y: 180 + y: 188 h: 1 w: 24 stenographer_packet_loss_graph: gridPos: x: 0 - y: 181 + y: 189 h: 8 w: 16 stenographer_pcap_retention_graph: gridPos: x: 16 - y: 181 + y: 189 h: 8 w: 8 diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja new file mode 100644 index 000000000..509072c9b --- /dev/null +++ b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja 
@@ -0,0 +1,161 @@ +{ + "type": "graph", + "title": "Container Uptime Current", + "gridPos": { + "x": {{ PANELS.uptime_docker_combined_current_graph.gridPos.x }}, + "y": {{ PANELS.uptime_docker_combined_current_graph.gridPos.y }}, + "w": {{ PANELS.uptime_docker_combined_current_graph.gridPos.w }}, + "h": {{ PANELS.uptime_docker_combined_current_graph.gridPos.h }} + }, + "id": 68896, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "uptime_ns" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "measurement": "docker_container_status", + "alias": "$tag_container_name", + "query": "SELECT last(\"health_status\") FROM \"docker_container_health\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\" fill(null)", + "rawQuery": false + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "ns", + "$$hashKey": "object:192" + }, + { + "label": "", + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "short", + "$$hashKey": "object:193", + "decimals": 2 + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": 
false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + "avg": false, + "alignAsTable": true, + "rightSide": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 1 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [ + { + "value": 4500000000000, + "colorMode": "critical", + "op": "lt", + "fill": false, + "line": true, + "yaxis": "left", + "$$hashKey": "object:1299" + } + ], + "timeRegions": [], + "decimals": 2, + "fill": 0, + "timeFrom": null, + "timeShift": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} diff --git a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja new file mode 100644 index 000000000..ab1df19fe --- /dev/null +++ b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja 
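Review bot: The target in the new `uptime_docker_combined_current_graph.json.jinja` carries a stale `"query"` string that reads `last("health_status")` from `docker_container_health`, while the structured fields beside it select `uptime_ns` from `docker_container_status`. With `"rawQuery": false` the builder fields are presumably what Grafana runs, so the panel likely shows uptime. Anyone who switches the panel to raw-query mode, however, would get container health values under a "Container Uptime Current" title with a nanosecond axis. Drop the `"query"` key or regenerate it from the builder fields so the two agree. The threshold `4500000000000` (75 minutes in nanoseconds, critical when lower) is repeated without explanation in the trend panel; a Jinja comment such as `{# 75 min in ns; marks containers that restarted recently, if that is the intent #}` next to it would help.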
@@ -0,0 +1,159 @@ +{ + "type": "graph", + "title": "Container Uptime Trend", + "gridPos": { + "x": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.x }}, + "y": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.y }}, + "w": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.w }}, + "h": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.h }} + }, + "id": 68999, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "so_long_term", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "container_name" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "mean_uptime_ns" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "measurement": "docker_container_status", + "alias": "$tag_container_name" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "ns", + "$$hashKey": "object:192" + }, + { + "label": "", + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "short", + "$$hashKey": "object:193", + "decimals": 2 + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + 
"avg": false, + "alignAsTable": true, + "rightSide": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 1 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [ + { + "value": 4500000000000, + "colorMode": "critical", + "op": "lt", + "fill": false, + "line": true, + "yaxis": "left", + "$$hashKey": "object:1299" + } + ], + "timeRegions": [], + "decimals": 2, + "fill": 0, + "timeFrom": null, + "timeShift": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} From d050bc02e2d69c5c82536b9bf7b7c0c02be1b32a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 20 Jul 2021 16:29:49 -0400 Subject: [PATCH 138/266] dont show legend for docker uptime trend --- .../panels/uptime_docker_combined_trend_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja index ab1df19fe..25303038c 100644 --- a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja @@ -114,7 +114,7 @@ "spaceLength": 10, "pointradius": 2, "legend": { - "show": true, + "show": false, "values": true, "min": false, "max": false, From 3393b77535f2aa561a8bafb791a1ffcde640b870 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 08:54:26 -0400 Subject: [PATCH 139/266] add sensor dashboard --- salt/grafana/defaults.yaml | 352 ++++++++++++++++++ salt/grafana/init.sls | 2 +- salt/grafana/templates/servername_sensor.json | 24 ++ 3 files changed, 377 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/templates/servername_sensor.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index f68f16ae0..72e5f0bc0 100644 
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml
@@ -459,6 +459,358 @@ grafana: w: 24 + sensor: + templating: + list: + - servername_sensor + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + monitor_traffic_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 
69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_zeek: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 10 + zeek_capture_loss_graph: + gridPos: + x: 10 + y: 153 + h: 8 + w: 10 + zeek_restarts_healthcheck_stat: + gridPos: + x: 20 + y: 153 + h: 8 + w: 4 + + row_suricata: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 170 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 171 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 171 + h: 8 + w: 8 + + heavynode: templating: list: 
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index f4dab1a56..4b47504c0 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone', 'heavynode'] %} + {% set nodeTypes = ['standalone', 'heavynode', 'sensor'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} diff --git a/salt/grafana/templates/servername_sensor.json b/salt/grafana/templates/servername_sensor.json new file mode 100644 index 000000000..e740ba96d --- /dev/null +++ b/salt/grafana/templates/servername_sensor.json @@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'sensor'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'sensor'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From 0c4c59375d2fc334a6a79de28fb680c28782f1cd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 09:11:39 -0400 Subject: [PATCH 140/266] sort container uptime ascending --- .../panels/uptime_docker_combined_current_graph.json.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja index 509072c9b..15a10fae6 100644 --- a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja 
@@ -121,6 +121,8 @@
 "min": false,
 "max": false,
 "current": true,
+ "sort": "current",
+ "sortDesc": false,
 "total": false,
 "avg": false,
 "alignAsTable": true,
From 1fee4e87c4ca1bb9fa36d87b1886c8c4ae73bf94 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 21 Jul 2021 09:51:49 -0400
Subject: [PATCH 141/266] add searchnode dashboard
---
 salt/grafana/defaults.yaml | 388 ++++++++++++++++++
 salt/grafana/init.sls | 2 +-
 .../templates/servername_searchnode.json | 24 ++
 3 files changed, 413 insertions(+), 1 deletion(-)
 create mode 100644 salt/grafana/templates/servername_searchnode.json
diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
index 72e5f0bc0..5e3a11853 100644
--- a/salt/grafana/defaults.yaml
+++ b/salt/grafana/defaults.yaml
@@ -810,6 +810,394 @@ grafana: h: 8 w: 8 + searchnode: + templating: + list: + - servername_searchnode + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 
53 + h: 8 + w: 12 + monitor_traffic_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_redis: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 170 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 171 + h: 8 + w: 10 + zeek_capture_loss_graph: + gridPos: + x: 10 + y: 171 + h: 8 + w: 10 + zeek_restarts_healthcheck_stat: + gridPos: + x: 20 + y: 171 + h: 8 + w: 4 + + row_suricata: + gridPos: + x: 0 + y: 179 + h: 1 + w: 24 + 
suricata_packet_loss_graph: + gridPos: + x: 0 + y: 180 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 188 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 189 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 189 + h: 8 + w: 8 heavynode: templating: diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 4b47504c0..118290e58 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone', 'heavynode', 'sensor'] %} + {% set nodeTypes = ['standalone', 'sensor', 'searchnode', 'heavynode'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} diff --git a/salt/grafana/templates/servername_searchnode.json b/salt/grafana/templates/servername_searchnode.json new file mode 100644 index 000000000..4660e1b50 --- /dev/null +++ b/salt/grafana/templates/servername_searchnode.json @@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'searchnode'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'searchnode'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From e3e74a84f2e276abcf835d34e9eccf18690ed872 Mon Sep 17 00:00:00 2001 
From: m0duspwnens
Date: Wed, 21 Jul 2021 10:00:14 -0400
Subject: [PATCH 142/266] test sort tooltip descending
---
 .../panels/cpu_docker_combined_current_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_graph.json.jinja | 4 ++--
 salt/grafana/panels/process_status_graph.json.jinja | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
index 3df0bd9ad..61d2d3edc 100644
--- a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
+++ b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja
@@ -135,7 +135,7 @@
 "tooltip": {
 "value_type": "individual",
 "shared": true,
- "sort": 0
+ "sort": 2
 },
 "aliasColors": {},
 "seriesOverrides": [],
diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
index 555ffc968..9f51d6648 100644
--- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja
@@ -11,7 +11,7 @@
 "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }},
 "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }},
 "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }},
- "h": {{ PANELS.cpu_usage_tasks_graph .gridPos.h }}
+ "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }}
 },
 "id": 61871,
 "legend": {
@@ -132,7 +132,7 @@
 "title": "CPU Usage",
 "tooltip": {
 "shared": true,
- "sort": 0,
+ "sort": 2,
 "value_type": "individual"
 },
 "type": "graph",
diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja
index 480be1902..3480c08b9 100644
--- a/salt/grafana/panels/process_status_graph.json.jinja
+++ b/salt/grafana/panels/process_status_graph.json.jinja
@@ -153,7 +153,7 @@
 "tooltip": {
 "msResolution": false,
 "shared": true,
- "sort": 0,
+ "sort": 2,
 "value_type": "individual"
 },
 "type": "graph",
From 761108964e3c2fa4eb35b15276f7824bfacd137a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 10:05:43 -0400 Subject: [PATCH 143/266] remove panels from searchnode dashboard --- salt/grafana/defaults.yaml | 104 ------------------------------------- 1 file changed, 104 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 5e3a11853..9630b1c5f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -868,12 +868,6 @@ grafana: y: 1 h: 4 w: 2 - pcap_retention_stat: - gridPos: - x: 18 - y: 1 - h: 4 - w: 2 io_wait_stat: gridPos: x: 20 @@ -892,30 +886,6 @@ grafana: y: 5 h: 4 w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - zeek_packet_loss_stat: - gridPos: - x: 12 - y: 5 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 16 - y: 5 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 20 - y: 5 - h: 4 - w: 4 row_cpu: gridPos: @@ -998,24 +968,6 @@ grafana: y: 53 h: 8 w: 12 - monitor_traffic_graph: - gridPos: - x: 0 - y: 61 - h: 8 - w: 24 - monitor_interface_packets_graph: - gridPos: - x: 0 - y: 69 - h: 8 - w: 12 - monitor_interface_drops_graph: - gridPos: - x: 12 - y: 69 - h: 8 - w: 12 row_disk_usage: gridPos: @@ -1142,62 +1094,6 @@ grafana: h: 8 w: 24 - row_zeek: - gridPos: - x: 0 - y: 170 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 171 - h: 8 - w: 10 - zeek_capture_loss_graph: - gridPos: - x: 10 - y: 171 - h: 8 - w: 10 - zeek_restarts_healthcheck_stat: - gridPos: - x: 20 - y: 171 - h: 8 - w: 4 - - row_suricata: - gridPos: - x: 0 - y: 179 - h: 1 - w: 24 - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 180 - h: 8 - w: 24 - - row_stenographer: - gridPos: - x: 0 - y: 188 - h: 1 - w: 24 - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 189 - h: 8 - w: 16 - stenographer_pcap_retention_graph: - gridPos: - x: 16 - y: 189 - h: 8 - w: 8 heavynode: templating: From 6809c3a9f6a0a650fb6177a7d73b2dbc1f382f8f Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 21 Jul 2021 10:13:43 -0400 Subject: [PATCH 144/266] add mastersearch dashboard --- salt/grafana/defaults.yaml | 329 ++++++++++++++++++ .../templates/servername_mastersearch.json | 24 ++ 2 files changed, 353 insertions(+) create mode 100644 salt/grafana/templates/servername_mastersearch.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 9630b1c5f..02a7e0576 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -445,6 +445,335 @@ grafana: h: 8 w: 8 + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 + + + mastersearch: + templating: + list: + - servername_mastersearch + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 
12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + row_influxdb: gridPos: x: 0 diff --git a/salt/grafana/templates/servername_mastersearch.json b/salt/grafana/templates/servername_mastersearch.json new file mode 100644 index 000000000..2d1486038 --- /dev/null +++ b/salt/grafana/templates/servername_mastersearch.json 
@@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From 5ea8c978a05d27228c3db5a446722585cf34fa27 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 10:16:40 -0400 Subject: [PATCH 145/266] add managersearch --- salt/grafana/defaults.yaml | 4 ++-- salt/grafana/init.sls | 2 +- ...ername_mastersearch.json => servername_managersearch.json} | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) rename salt/grafana/templates/{servername_mastersearch.json => servername_managersearch.json} (92%) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 02a7e0576..1d279491f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -459,10 +459,10 @@ grafana: w: 24 - mastersearch: + managersearch: templating: list: - - servername_mastersearch + - servername_managersearch - containers - manint - monint diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 118290e58..4cbb5c9ac 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone', 'sensor', 'searchnode', 'heavynode'] %} + {% set nodeTypes = ['standalone', 'sensor', 'searchnode', , 'managersearch', 'heavynode'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} 
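Review bot: Both `definition` and `query` in the new `servername_mastersearch.json` filter on `"role" = 'heavynode'`, so the Node variable of the `mastersearch` dashboard would list heavy nodes instead of the hosts the template is named for. This looks like a copy of the heavynode template with the role literal left unchanged. The literal in both fields should name the role the dashboard is built for. The following patch in this series renames the file and sets `'managersearch'`, so the mismatch only exists in this commit on its own.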
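Review bot: The new `nodeTypes` list in `salt/grafana/init.sls` contains an empty element, `'searchnode', , 'managersearch'`, which Jinja should reject as a syntax error, so the state file would fail to render wherever it is applied. The line should read `{% set nodeTypes = ['standalone', 'sensor', 'searchnode', 'managersearch', 'heavynode'] %}`. The next patch in the series rewrites the line without the stray comma, but this commit on its own leaves the state broken, which matters when bisecting. The enclosing `{% if %}` block starts outside the hunk.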
diff --git a/salt/grafana/templates/servername_mastersearch.json b/salt/grafana/templates/servername_managersearch.json similarity index 92% rename from salt/grafana/templates/servername_mastersearch.json rename to salt/grafana/templates/servername_managersearch.json index 2d1486038..6024c69f5 100644 --- a/salt/grafana/templates/servername_mastersearch.json +++ b/salt/grafana/templates/servername_managersearch.json @@ -2,7 +2,7 @@ "allValue": null, "current": {}, "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "definition": "show tag values with key=\"host\" where \"role\" = 'managersearch'", "description": "", "error": null, "hide": 0, @@ -11,7 +11,7 @@ "multi": false, "name": "servername", "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'heavynode'", + "query": "show tag values with key=\"host\" where \"role\" = 'managersearch'", "refresh": 1, "regex": "", "skipUrlSync": false, From 9d06aff1d17963bbe332101d3b82dde03731cd00 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 10:23:39 -0400 Subject: [PATCH 146/266] add manager dashboard --- salt/grafana/defaults.yaml | 329 ++++++++++++++++++ salt/grafana/init.sls | 2 +- .../grafana/templates/servername_manager.json | 24 ++ 3 files changed, 354 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/templates/servername_manager.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 1d279491f..8d51a4a00 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -459,6 +459,335 @@ grafana: w: 24 + manager: + templating: + list: + - servername_manager + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + logstash_estimated_eps_stat: + gridPos: + x: 0 + y: 5 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_traffic_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + 
disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_logstash: + gridPos: + x: 0 + y: 152 + h: 1 + w: 24 + logstash_estimated_eps_graph: + gridPos: + x: 0 + y: 153 + h: 8 + w: 24 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 + + managersearch: templating: list: diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 4cbb5c9ac..585aeeb3a 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
@@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone', 'sensor', 'searchnode', , 'managersearch', 'heavynode'] %} + {% set nodeTypes = ['standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} diff --git a/salt/grafana/templates/servername_manager.json b/salt/grafana/templates/servername_manager.json new file mode 100644 index 000000000..8f688093d --- /dev/null +++ b/salt/grafana/templates/servername_manager.json @@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" where \"role\" = 'manager'", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" where \"role\" = 'manager'", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From 47d82b3d35e56f0fe7bb53d03b31ecf08a3da14f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 10:36:07 -0400 Subject: [PATCH 147/266] sort desc remaining tooltips --- salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja | 2 +- .../panels/memory_used_docker_combined_current_graph.json.jinja | 2 +- .../panels/memory_used_docker_combined_trend_graph.json.jinja | 2 +- .../network_usage_docker_combined_current_graph.json.jinja | 2 +- .../panels/network_usage_docker_combined_trend_graph.json.jinja | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja index f295bfe03..f8ddce1c1 100644 --- a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja @@ -135,7 +135,7 @@ "tooltip": { "value_type": "individual", "shared": true, - "sort": 0 + "sort": 2 }, "aliasColors": {}, "seriesOverrides": [], diff --git a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja index 5a77123ed..ada18f612 100644 --- a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja @@ -129,7 +129,7 @@ "tooltip": { "value_type": "individual", "shared": true, - "sort": 0 + "sort": 2 }, "aliasColors": {}, "seriesOverrides": [], diff --git a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja index 41688a197..f97eb8450 100644 --- a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja @@ -129,7 +129,7 @@ "tooltip": { "value_type": "individual", "shared": true, - "sort": 0 + "sort": 2 }, "aliasColors": {}, "seriesOverrides": [], diff --git a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja index f90b03f97..97055b54b 100644 --- a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja @@ -181,7 +181,7 @@ "title": "Container Network Usage Current", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", 
diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja index 498d45857..2a3860d9f 100644 --- a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja +++ b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja @@ -181,7 +181,7 @@ "title": "Container Network Usage Trend", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", From f4d3e13c7f3e2265e24814e6b656bdc57fca4f63 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 11:26:02 -0400 Subject: [PATCH 148/266] begin overview dashboard --- .../dashboards/common_template.json.jinja | 4 +- salt/grafana/defaults.yaml | 23 +++ salt/grafana/init.sls | 3 +- .../panels/cpu_usage_current_graph.json.jinja | 160 ++++++++++++++++++ salt/grafana/templates/servername_all.json | 24 +++ 5 files changed, 210 insertions(+), 4 deletions(-) create mode 100644 salt/grafana/panels/cpu_usage_current_graph.json.jinja create mode 100644 salt/grafana/templates/servername_all.json diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index 2ce023781..c03707ad5 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -54,8 +54,8 @@ }, "timezone": "browser", "title": "Detailed {{ NODETYPE }}", - {% if NODETYPE | lower in 'standalone' %} - "uid": "{{ UID }}", + {% if NODETYPE | lower in 'overview' %} + "uid": "so_overview", {% endif %} "version": 1 } diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 8d51a4a00..26bf799e1 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
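Review bot: In `common_template.json.jinja`, `{% if NODETYPE | lower in 'overview' %}` is a substring test against a string, not an equality test, so any node type whose lowercase name is contained in `overview` would also receive the uid. None of the node types listed in `init.sls` in this patch is such a substring, but the condition should state what is meant: `{% if NODETYPE | lower == 'overview' %}`. Because the uid is now the literal `so_overview` rather than a passed-in value, two dashboards satisfying the test would be rendered with the same uid.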
@@ -25,6 +25,29 @@ grafana: # enterprise: # license_path: /opt/so/conf/grafana/etc/files/license.jwt dashboards: + overview: + templating: + list: + - servername_all + - containers + - manint + - monint + - cpucount + - disk + panels: + row_cpu: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + cpu_usage_current_graph: + gridPos: + x: 0 + y: 1 + h: 8 + w: 24 + standalone: templating: list: diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 585aeeb3a..f43c63e13 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode'] %} + {% set nodeTypes = ['overview', 'standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode'] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} @@ -95,7 +95,6 @@ detailed-{{nodeType}}-dashboard: - template: jinja - source: salt://grafana/dashboards/common_template.json.jinja - defaults: - UID: so_overview PANELS: {{GRAFANA_SETTINGS.dashboards[nodeType].panels}} TEMPLATES: {{GRAFANA_SETTINGS.dashboards[nodeType].templating.list}} NODETYPE: {{ nodeType | capitalize }} diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja new file mode 100644 index 000000000..ae3164fea --- /dev/null +++ b/salt/grafana/panels/cpu_usage_current_graph.json.jinja 
@@ -0,0 +1,160 @@ +{ + "type": "graph", + "title": "CPU Usage", + "gridPos": { + "x": {{ PANELS.cpu_usage_current_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_current_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_current_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_current_graph.gridPos.h }} + }, + "id": 69001, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_idle" + ] + }, + { + "type": "mean", + "params": [] + }, + { + "type": "math", + "params": [ + "*-1 + 100" + ] + } + ] + ], + "measurement": "cpu", + "alias": "$tag_host" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "unit": "percent" + }, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "percent", + "$$hashKey": "object:933" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:934" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": true, + "current": true, + "sort": "current", + "sortDesc": false, + "total": false, + "avg": true, 
+ "alignAsTable": true, + "rightSide": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 2 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": 1, + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null, + "interval": "30", + "maxDataPoints": 750 +} diff --git a/salt/grafana/templates/servername_all.json b/salt/grafana/templates/servername_all.json new file mode 100644 index 000000000..806363ce0 --- /dev/null +++ b/salt/grafana/templates/servername_all.json @@ -0,0 +1,24 @@ +{ + "allValue": null, + "current": {}, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\"", + "description": "", + "error": null, + "hide": 0, + "includeAll": false, + "label": "Node", + "multi": false, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\"", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From a7551a44e5b50d7a191bba8a9cda144d25fa0012 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 11:29:30 -0400 Subject: [PATCH 149/266] allow multi and all on servername_all template var --- salt/grafana/templates/servername_all.json | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/salt/grafana/templates/servername_all.json b/salt/grafana/templates/servername_all.json index 806363ce0..c6c1c80f4 100644 --- a/salt/grafana/templates/servername_all.json +++ b/salt/grafana/templates/servername_all.json 
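Review bot: The new `cpu_usage_current_graph.json.jinja` carries what looks like editor export residue: `"$$hashKey": "object:933"` and `"object:934"` in `yaxes`, and `"queryType": "randomWalk"` on an InfluxDB target. These are presumably ignored on import, but dropping them keeps the template to fields that are intended. The hard-coded `"id": 69001` has to stay unique among the panels of any dashboard that includes this template, and nothing in the hunk enforces that. A Jinja comment at the top of the file recording the id range reserved for the overview panels, for example `{# panel ids 69001+ are reserved for the overview dashboard #}`, would make collisions easier to avoid.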
@@ -1,21 +1,26 @@ { "allValue": null, - "current": {}, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, "datasource": "InfluxDB", "definition": "show tag values with key=\"host\"", "description": "", "error": null, "hide": 0, - "includeAll": false, + "includeAll": true, "label": "Node", - "multi": false, + "multi": true, "name": "servername", "options": [], "query": "show tag values with key=\"host\"", "refresh": 1, "regex": "", "skipUrlSync": false, - "sort": 0, + "sort": 1, "tagValuesQuery": "", "tags": [], "tagsQuery": "", From 07d5736d61a3e49b3b9a55ea84e8c52795332dbd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 11:33:48 -0400 Subject: [PATCH 150/266] change sort of legend --- salt/grafana/panels/cpu_usage_current_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja index ae3164fea..34a29172e 100644 --- a/salt/grafana/panels/cpu_usage_current_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_current_graph.json.jinja @@ -127,7 +127,7 @@ "max": true, "current": true, "sort": "current", - "sortDesc": false, + "sortDesc": true, "total": false, "avg": true, "alignAsTable": true, From 4cc3c5ada9d1135556c9912d66ce251101fce48c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 11:35:02 -0400 Subject: [PATCH 151/266] add role template var to overview dashboard --- salt/grafana/defaults.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 26bf799e1..9adaa104e 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -29,6 +29,7 @@ grafana: templating: list: - servername_all + - role - containers - manint - monint From 457ae54341991059cacd5c96581d1462bcaabcaa Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 21 Jul 2021 11:50:06 -0400 Subject: [PATCH 152/266] role var --- salt/grafana/templates/role.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/salt/grafana/templates/role.json b/salt/grafana/templates/role.json index f76de3cad..f398f679b 100644 --- a/salt/grafana/templates/role.json +++ b/salt/grafana/templates/role.json @@ -1,6 +1,11 @@ { "allValue": null, - "current": {}, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, "datasource": "InfluxDB", "definition": "show tag values with key=\"role\"", "description": null, From 37fcda381783db737cfcd75c8935d378b0fd3ce4 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 21 Jul 2021 14:30:41 -0400 Subject: [PATCH 153/266] add cpu row and panels to overview dashboard --- salt/grafana/defaults.yaml | 63 +++++- .../panels/cpu_usage_current_graph.json.jinja | 206 +++++++++--------- ...a => cpu_usage_tasks_all_graph.json.jinja} | 8 +- .../cpu_usage_tasks_blocked_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_paging_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_running_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_sleeping_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_stopped_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_unknown_graph.json.jinja | 132 +++++++++++ .../cpu_usage_tasks_zombies_graph.json.jinja | 132 +++++++++++ salt/grafana/panels/io_wait_graph.json.jinja | 161 ++++++++++++++ salt/telegraf/etc/telegraf.conf | 2 + 12 files changed, 1257 insertions(+), 107 deletions(-) rename salt/grafana/panels/{cpu_usage_tasks_graph.json.jinja => cpu_usage_tasks_all_graph.json.jinja} (94%) create mode 100644 salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja create mode 100644 salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja create mode 100644 salt/grafana/panels/io_wait_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 9adaa104e..97e04f63d 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -48,6 +48,57 @@ grafana: y: 1 h: 8 w: 24 + io_wait_graph: + gridPos: + x: 0 + y: 9 + h: 8 + w: 24 + cpu_usage_tasks_running_graph: + gridPos: + x: 0 + y: 17 + h: 8 + w: 24 + cpu_usage_tasks_zombies_graph: + gridPos: + x: 0 + y: 25 + h: 8 + w: 12 + cpu_usage_tasks_stopped_graph: + gridPos: + x: 12 + y: 25 + h: 8 + w: 12 + cpu_usage_tasks_sleeping_graph: + gridPos: + x: 0 + y: 33 + h: 8 + w: 12 + cpu_usage_tasks_blocked_graph: + gridPos: + x: 12 + y: 33 + h: 8 + w: 12 + cpu_usage_tasks_paging_graph: + gridPos: + x: 0 + y: 41 + h: 8 + w: 12 + cpu_usage_tasks_unknown_graph: + gridPos: + x: 12 + y: 41 + h: 8 + w: 12 + + + standalone: templating: @@ -162,7 +213,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 @@ -566,7 +617,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 @@ -895,7 +946,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 @@ -1242,7 +1293,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 @@ -1575,7 +1626,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 @@ -1890,7 +1941,7 @@ grafana: y: 9 h: 1 w: 24 - cpu_usage_tasks_graph: + cpu_usage_tasks_all_graph: gridPos: x: 0 y: 10 diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja index 34a29172e..555d23221 100644 --- a/salt/grafana/panels/cpu_usage_current_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_current_graph.json.jinja 
@@ -1,6 +1,14 @@ { - "type": "graph", - "title": "CPU Usage", + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "decimals": 1, + "fieldConfig": { + "defaults": { + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "x": {{ PANELS.cpu_usage_current_graph.gridPos.x }}, "y": {{ PANELS.cpu_usage_current_graph.gridPos.y }}, @@ -8,46 +16,67 @@ "h": {{ PANELS.cpu_usage_current_graph.gridPos.h }} }, "id": 69001, + "interval": "30", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, "targets": [ { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ], + "alias": "$tag_host $tag_role", "groupBy": [ { - "type": "time", "params": [ "$__interval" - ] + ], + "type": "time" + }, + { + "params": [ + "host" + ], + "type": "tag" }, { "type": "tag", "params": [ - "host" + "role" ] }, { - "type": "fill", "params": [ "null" - ] + ], + "type": "fill" } ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "queryType": "randomWalk", + "refId": "A", + "resultFormat": "time_series", "select": [ [ { 
@@ -68,93 +97,76 @@ } ] ], - "measurement": "cpu", - "alias": "$tag_host" + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ] } ], - "options": { - "alertThreshold": true + "thresholds": [], + "timeRegions": [], + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": "0", - "max": null, - "format": "percent", - "$$hashKey": "object:933" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:934" - } - ], + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "$$hashKey": "object:933", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:934", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], "yaxis": { "align": false, "alignLevel": null }, - "lines": true, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": false, - "max": true, - "current": true, - "sort": "current", - "sortDesc": true, - "total": false, - "avg": true, - "alignAsTable": true, - "rightSide": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 2 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - 
"timeRegions": [], - "decimals": 1, + "bars": false, + "dashes": false, "fill": 0, "fillGradient": 0, - "dashes": false, "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, "percentage": false, + "points": false, + "stack": false, "steppedLine": false, "timeFrom": null, - "timeShift": null, - "interval": "30", - "maxDataPoints": 750 + "timeShift": null } diff --git a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja similarity index 94% rename from salt/grafana/panels/cpu_usage_tasks_graph.json.jinja rename to salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja index 9f51d6648..e865f446f 100644 --- a/salt/grafana/panels/cpu_usage_tasks_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja @@ -8,10 +8,10 @@ }, "fill": 1, "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_graph.gridPos.h }} + "x": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.h }} }, "id": 61871, "legend": { diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja new file mode 100644 index 000000000..7d9020445 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja 
@@ -0,0 +1,132 @@ +{ + "type": "graph", + "title": "CPU Tasks Blocked", + "gridPos": { + "x": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.x }}, + "y": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.y }}, + "w": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.w }}, + "h": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.h }} + }, + "id": 69005, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "value" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "rawQuery": true, + "alias": "$tag_host $tag_role: $col" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:412" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:413" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "nullPointMode": "connected", + "tooltip": { + 
"value_type": "individual", + "shared": true, + "sort": 2 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja new file mode 100644 index 000000000..ef963eb47 --- /dev/null +++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja 
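Review bot: The raw query in `cpu_usage_tasks_blocked_graph.json.jinja` filters with `host =~ /$servername$/`, which is anchored only at the end, so selecting one host also matches any host whose name ends with that string. `cpu_usage_current_graph.json.jinja` in the same patch uses `/^$servername$/`. The query also groups by `role` and prints `$tag_role` in the alias but never applies the dashboard's `$role` variable, unlike the tag filter added to the CPU usage panel. I would change the clause to `WHERE host =~ /^$servername$/ AND role =~ /^$role$/ AND $timeFilter`. `cpu_usage_tasks_paging_graph.json.jinja` has the same query shape and needs the same change.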
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Paging",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.h }}
+ },
+ "id": 69008,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja
new file mode 100644
index 000000000..fdbc20719
--- /dev/null
+++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Running",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.h }}
+ },
+ "id": 69003,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja
new file mode 100644
index 000000000..4aadfb2cc
--- /dev/null
+++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Sleeping",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.h }}
+ },
+ "id": 69006,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja
new file mode 100644
index 000000000..4905d2e6d
--- /dev/null
+++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Stopped",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.h }}
+ },
+ "id": 69007,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja
new file mode 100644
index 000000000..c86a97b72
--- /dev/null
+++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Unknown",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.h }}
+ },
+ "id": 69009,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja
new file mode 100644
index 000000000..1a4b83aea
--- /dev/null
+++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja
@@ -0,0 +1,132 @@
+{
+ "type": "graph",
+ "title": "CPU Tasks Zombies",
+ "gridPos": {
+ "x": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.x }},
+ "y": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.y }},
+ "w": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.w }},
+ "h": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.h }}
+ },
+ "id": 69004,
+ "targets": [
+ {
+ "refId": "A",
+ "queryType": "randomWalk",
+ "policy": "default",
+ "resultFormat": "time_series",
+ "orderByTime": "ASC",
+ "tags": [],
+ "groupBy": [
+ {
+ "type": "time",
+ "params": [
+ "$__interval"
+ ]
+ },
+ {
+ "type": "fill",
+ "params": [
+ "null"
+ ]
+ }
+ ],
+ "select": [
+ [
+ {
+ "type": "field",
+ "params": [
+ "value"
+ ]
+ },
+ {
+ "type": "mean",
+ "params": []
+ }
+ ]
+ ],
+ "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "rawQuery": true,
+ "alias": "$tag_host $tag_role: $col"
+ }
+ ],
+ "options": {
+ "alertThreshold": true
+ },
+ "datasource": "InfluxDB",
+ "fieldConfig": {
+ "defaults": {},
+ "overrides": []
+ },
+ "pluginVersion": "7.5.4",
+ "renderer": "flot",
+ "yaxes": [
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:412"
+ },
+ {
+ "label": null,
+ "show": true,
+ "logBase": 1,
+ "min": null,
+ "max": null,
+ "format": "short",
+ "$$hashKey": "object:413"
+ }
+ ],
+ "xaxis": {
+ "show": true,
+ "mode": "time",
+ "name": null,
+ "values": [],
+ "buckets": null
+ },
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ },
+ "lines": true,
+ "linewidth": 1,
+ "dashLength": 10,
+ "spaceLength": 10,
+ "pointradius": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "nullPointMode": "connected",
+ "tooltip": {
+ "value_type": "individual",
+ "shared": true,
+ "sort": 2
+ },
+ "aliasColors": {},
+ "seriesOverrides": [],
+ "thresholds": [],
+ "timeRegions": [],
+ "fill": 0,
+ "fillGradient": 0,
+ "dashes": false,
+ "hiddenSeries": false,
+ "points": false,
+ "bars": false,
+ "stack": false,
+ "percentage": false,
+ "steppedLine": false,
+ "timeFrom": null,
+ "timeShift": null
+}
diff --git a/salt/grafana/panels/io_wait_graph.json.jinja b/salt/grafana/panels/io_wait_graph.json.jinja
new file mode 100644
index 000000000..73057830e
--- /dev/null
+++ b/salt/grafana/panels/io_wait_graph.json.jinja
@@ -0,0 +1,161 @@ +{ + "type": "graph", + "title": "IO Wait", + "gridPos": { + "x": {{ PANELS.io_wait_graph.gridPos.x }}, + "y": {{ PANELS.io_wait_graph.gridPos.y }}, + "w": {{ PANELS.io_wait_graph.gridPos.w }}, + "h": {{ PANELS.io_wait_graph.gridPos.h }} + }, + "id": 69011, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "usage_iowait" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "cpu", + "alias": "$tag_host $tag_role" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "percent", + "$$hashKey": "object:1740" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:1741" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, 
+ "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 2 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "decimals": 1, + "description": "" +} diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index d8620a082..b04b1549d 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -27,6 +27,8 @@ # rack = "1a" ## Environment variables can be used as tags, and throughout the config file # user = "$USER" + role = "{{ grains.id.split('_') | last }}" + {% if grains['role'] == 'so-helix' %} meta_cbid = "{{ UNIQUEID }}" From e2baa932704106bdc28746ae95e46cd23ec59e46 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 14:32:01 -0400 Subject: [PATCH 154/266] remove role from node_config for telegraf --- salt/telegraf/node_config.json.jinja | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/telegraf/node_config.json.jinja b/salt/telegraf/node_config.json.jinja index 6aeef5fb7..ec05426a8 100644 --- a/salt/telegraf/node_config.json.jinja +++ b/salt/telegraf/node_config.json.jinja @@ -1,5 +1,4 @@ { - "role": "{{ grains.id.split('_') | last }}", "manint": "{{ salt['pillar.get']('host:mainint', '') }}", {%- if grains.role in ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %} "monint": "{{ salt['pillar.get']('sensor:interface', '') }}" From 9bf6d478c51fe1240a5f164958ef02701df56ea3 Mon Sep 17 00:00:00 2001 
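Review bot: The new global tag in telegraf.conf, `role = "{{ grains.id.split('_') | last }}"`, only yields a role when every minion id ends in `_<role>`; an id without an underscore would put the whole id into the tag, and the dashboards' role filter would then never match that host. The context line right below it reads `grains['role']`, so this template now has two different sources for the role, which is worth recording in a comment above the tag: `## role is the last '_'-separated part of the Salt minion id (ids are expected to look like <host>_<role>)`. The value is also written into a quoted TOML string without escaping, which presumably relies on minion ids never containing a double quote.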
From: m0duspwnens Date: Wed, 21 Jul 2021 14:36:08 -0400 Subject: [PATCH 155/266] remove $col var --- salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja index 7d9020445..aec992a91 100644 --- a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja index ef963eb47..a8eb777b3 100644 --- a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja index fdbc20719..1cc63be59 100644 
--- a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja index 4aadfb2cc..89227a20d 100644 --- a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja index 4905d2e6d..fcd94eae1 100644 --- a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja index c86a97b72..efd53cdf4 100644 --- a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja 
@@ -46,7 +46,7 @@ ], "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja index 1a4b83aea..2a6af6b73 100644 --- a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja @@ -46,7 +46,7 @@ ], "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, - "alias": "$tag_host $tag_role: $col" + "alias": "$tag_host $tag_role" } ], "options": { From 43bf75217f73ac4e650a7bb6894580d27af724b3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 21 Jul 2021 14:40:23 -0400 Subject: [PATCH 156/266] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 678d59d4f..625e2aa35 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.60 +2.3.61 From 7c9df2d75a6636ac2416e3966e8350c340051e79 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 21 Jul 2021 14:40:53 -0400 Subject: [PATCH 157/266] Update HOTFIX --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index 31f81a97c..d3f5a12fa 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES FBPIPELINE CURATORAUTH + From 235d8b7cf0abf8b6b9f48c8e286015dfc151466c Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Wed, 21 Jul 2021 14:44:07 -0400 Subject: [PATCH 158/266] ensure role matches --- salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja | 2 +- salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja | 2 +- salt/grafana/panels/io_wait_stat.json.jinja | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja index aec992a91..cea753c84 100644 --- a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja index a8eb777b3..098a02542 100644 --- a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja 
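Review bot: The added `role =~ /$role$/` predicate in the blocked panel's `query` makes the panel depend on every `processes` point carrying a `role` tag, so points written before Telegraf emitted that tag (it is added to telegraf.conf earlier in this series) will presumably drop out unless `$role` resolves to a pattern that also matches an empty value. If that is accepted, a template comment such as `{# needs the telegraf 'role' global tag; older points without it are filtered out #}` would record it. The new role regex is anchored only at the end, like the host one; `role =~ /^$role$/` would match the selected role exactly. The paging, running, sleeping, stopped, unknown and zombies hunks of this commit make the same change.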
@@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja index 1cc63be59..d01a78168 100644 --- a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(running) as running FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja index 89227a20d..80faf0037 100644 --- a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } 
diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja index fcd94eae1..f7a7e0bfe 100644 --- a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja index efd53cdf4..910012b00 100644 --- a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja index 2a6af6b73..e4776b42f 100644 --- a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja 
@@ -44,7 +44,7 @@
 }
 ]
 ],
- "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
+ "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc",
 "rawQuery": true,
 "alias": "$tag_host $tag_role"
 }
diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja
index baaf462d8..840d282cc 100644
--- a/salt/grafana/panels/io_wait_stat.json.jinja
+++ b/salt/grafana/panels/io_wait_stat.json.jinja
@@ -65,7 +65,7 @@
 ],
 "measurement": "cpu",
 "policy": "default",
- "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ AND \"cpu\" = 'cpu-total' AND $timeFilter GROUP BY time($interval) fill(null)",
+ "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE (host =~ /$servername$/ AND role =~ /$role$/ AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($interval) fill(null)",
 "rawQuery": false,
 "refId": "A",
 "resultFormat": "time_series",
From ceb108a5fe9f58f9d3c5fc74aba61399a1376d49 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 21 Jul 2021 14:47:57 -0400
Subject: [PATCH 159/266] set min yaxes to 0
---
 salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja | 2 +-
 salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
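Review bot: In the io_wait_stat hunk the edited `"query"` string sits directly above `"rawQuery": false`, so the role condition added to the text is probably not what the panel executes; with raw mode off, Grafana's InfluxDB editor builds the query from the target's `tags` array, which lies outside this hunk. If that array was not given a `role` entry as well, this panel keeps ignoring `$role` even though the string suggests otherwise. I would add the `role` condition to `tags` (as the new panels in this series do) or drop the stale `"query"` line so the two cannot disagree.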
diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja
index cea753c84..6e6d92331 100644
--- a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja
index 098a02542..392063f07 100644
--- a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja
index d01a78168..c6b9d4b58 100644
--- a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja
index 80faf0037..bd58ca9ea 100644
--- a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja
index f7a7e0bfe..cc801ce9e 100644
--- a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja
index 910012b00..f6e2062ca 100644
--- a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja
index e4776b42f..712ea7c6b 100644
--- a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja
+++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja
@@ -64,7 +64,7 @@
 "label": null,
 "show": true,
 "logBase": 1,
- "min": null,
+ "min": 0,
 "max": null,
 "format": "short",
 "$$hashKey": "object:412"
From 74874dfff2337a69a864e45fb5628a8d359b9763 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 21 Jul 2021 14:59:33 -0400
Subject: [PATCH 160/266] Allow web pages to load blob data
---
 salt/nginx/etc/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index cafa583b5..4fa5c8435 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -149,7 +149,7 @@ http { root /opt/socore/html; index index.html; - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self'"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self'"; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; From 479fcb6c46fb6be7c1c66ac86e6892751c37375e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 15:00:05 -0400 Subject: [PATCH 161/266] add panel for memory usage percent --- salt/grafana/defaults.yaml | 13 ++ .../memory_usage_percent_graph.json.jinja | 155 ++++++++++++++++++ 2 files changed, 168 insertions(+) create mode 100644 salt/grafana/panels/memory_usage_percent_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 97e04f63d..3a0b11719 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -97,6 +97,19 @@ grafana: h: 8 w: 12 + row_memory: + gridPos: + x: 0 + y: 49 + h: 1 + w: 24 + memory_usage_percent_graph: + gridPos: + x: 0 + y: 50 + h: 8 + w: 24 + diff --git a/salt/grafana/panels/memory_usage_percent_graph.json.jinja b/salt/grafana/panels/memory_usage_percent_graph.json.jinja new file mode 100644 index 000000000..dddfd73d6 --- /dev/null +++ b/salt/grafana/panels/memory_usage_percent_graph.json.jinja 
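Review bot: Adding `blob:` to `default-src` in the nginx.conf hunk allows blob URLs for every fetch type, scripts and workers included, on top of the `'unsafe-inline' 'unsafe-eval' https:` sources the policy already grants. If only one resource type needs blob data (which one is not visible here), I would leave `default-src` unchanged and add a dedicated directive such as `worker-src 'self' blob:` or `img-src 'self' https: data: blob:`; a dedicated directive does not inherit from `default-src`, so it has to restate the sources it still needs. Note also that `add_header` without the `always` parameter is not applied to most error responses, so 4xx/5xx pages from this block are served without the CSP. The block enclosing these directives starts outside the hunk.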
@@ -0,0 +1,155 @@ +{ + "type": "graph", + "title": "Memory Usage", + "gridPos": { + "x": {{ PANELS.memory_usage_percent_graph.gridPos.x }}, + "y": {{ PANELS.memory_usage_percent_graph.gridPos.y }}, + "w": {{ PANELS.memory_usage_percent_graph.gridPos.w }}, + "h": {{ PANELS.memory_usage_percent_graph.gridPos.h }} + }, + "id": 69013, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "used_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "mem", + "alias": "$tag_host $tag_role" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": "0", + "max": null, + "format": "percent", + "$$hashKey": "object:504" + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:505" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + 
"sortDesc": true, + "total": false, + "values": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 2 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "decimals": 1, + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "description": "" +} From ad8c12afa5340e67066ff74a0604bf8005794726 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 21 Jul 2021 15:07:02 -0400 Subject: [PATCH 162/266] Upgrade ES to 7.13.4 --- salt/kibana/files/saved_objects.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index ee2842b66..56fd82222 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson 
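Review bot: The new memory panel hard-codes `"id": 69013`, and the swap panel added two patches later in this series (`swap_usage_percent_graph.json.jinja`) uses the same value while `defaults.yaml` lists both next to each other in the same layout section. Grafana expects panel ids to be unique within a dashboard, so unless the ids are rewritten when the dashboard is assembled (not visible here), one of the two needs a different id. Separately, the first y-axis uses the string `"min": "0"` where the earlier min-yaxes patch uses a number; `"min": 0,` would be consistent, and the `"queryType": "randomWalk"` line looks like an export leftover that can be dropped.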
@@ -460,7 +460,7 @@ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefNa
me\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} -{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.2","id":"7.13.2","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} 
+{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.4","id":"7.13.4","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - 
Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} From f732b80b92fcf8adb1e672365a53c649fa694ed3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 15:48:04 -0400 Subject: [PATCH 163/266] add swap usage percent to overview dash --- salt/grafana/defaults.yaml | 24 +++ .../swap_usage_percent_graph.json.jinja | 154 ++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 salt/grafana/panels/swap_usage_percent_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 3a0b11719..0983f75f2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -110,7 +110,31 @@ grafana: h: 8 w: 24 + row_swap: + gridPos: + x: 0 + y: 58 + h: 1 + w: 24 + swap_usage_percent_graph: + gridPos: + x: 0 + y: 59 + h: 8 + w: 24 + row_network: + gridPos: + x: 0 + y: 67 + h: 1 + w: 24 + management_interface_traffic_graph: + gridPos: + x: 0 + y: 68 + h: 8 + w: 24 standalone: diff --git a/salt/grafana/panels/swap_usage_percent_graph.json.jinja b/salt/grafana/panels/swap_usage_percent_graph.json.jinja new file mode 100644 index 000000000..ebe5c1bd0 --- /dev/null 
+++ b/salt/grafana/panels/swap_usage_percent_graph.json.jinja 
@@ -0,0 +1,154 @@ +{ + "type": "graph", + "title": "Swap Usage", + "gridPos": { + "x": {{ PANELS.swap_usage_percent_graph.gridPos.x }}, + "y": {{ PANELS.swap_usage_percent_graph.gridPos.y }}, + "w": {{ PANELS.swap_usage_percent_graph.gridPos.w }}, + "h": {{ PANELS.swap_usage_percent_graph.gridPos.h }} + }, + "id": 69013, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "used_percent" + ] + }, + { + "type": "mean", + "params": [] + } + ] + ], + "measurement": "swap", + "alias": "$tag_host $tag_role" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:100", + "decimals": 1 + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:101" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + 
"sortDesc": true, + "total": false, + "values": true + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 2 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false +} From cd8d9c657e24a3b13487dc7e2d0081b45285c94b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 16:24:16 -0400 Subject: [PATCH 164/266] add mgmt interface traffic graphs to overview --- salt/grafana/defaults.yaml | 8 +- ...interface_traffic_inbound_graph.json.jinja | 188 ++++++++++++++++++ ...nterface_traffic_outbound_graph.json.jinja | 186 +++++++++++++++++ 3 files changed, 381 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja create mode 100644 salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 0983f75f2..350ff94ea 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -129,12 +129,18 @@ grafana: y: 67 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_inbound_graph: gridPos: x: 0 y: 68 h: 8 w: 24 + management_interface_traffic_outbound_graph: + gridPos: + x: 0 + y: 76 + h: 8 + w: 24 standalone: diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja new file mode 100644 index 000000000..f6a396ea2 --- /dev/null +++ b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja 
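Review bot: The percent axis of the swap panel is left at `"min": null`, so the y-axis autoscales and a small amount of swap use can fill the whole graph. The memory panel and the task graphs patched earlier in this series pin the axis at zero; I would write `"min": 0,` on the first `yaxes` entry here as well so the two percent panels read the same way.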
@@ -0,0 +1,188 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "super-light-blue" + }, + "dashLength": 10, + "datasource": "InfluxDB", + "editable": true, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.h }} + }, + "id": 18, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 5, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host $tag_role $manint", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": 
"/^$manint$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$manint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Management Interface Traffic - Inbound", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": 0, + "show": true, + "$$hashKey": "object:353", + "decimals": 1 + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true, + "$$hashKey": "object:354" + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "decimals": 1, + "bars": false, + "dashes": false, + "error": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja new file mode 100644 index 000000000..045c3e7a1 --- /dev/null +++ b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja 
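Review bot: The target of the inbound panel keeps a stale `"query"` string beside `"rawQuery": false`: it filters with `"host" = '$servername'` and `"interface" = '$manint'` and has no `role` condition or tag grouping, whereas the `tags` and `groupBy` arrays above it use `/^$servername$/`, `/^$manint$/` and `/^$role$/`. The string is presumably unused while raw mode is off, but anyone who switches the panel to raw mode gets a different, equality-based query that stops matching once `$servername` holds a regex or several values. The outbound panel in the same patch has neither key, so I would delete the `"query"` and `"rawQuery"` lines here.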
@@ -0,0 +1,186 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "super-light-blue" + }, + "dashLength": 10, + "datasource": "InfluxDB", + "editable": true, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.h }} + }, + "id": 69014, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 5, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host $tag_role $manint", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_sent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=~", + "value": 
"/^$manint$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Management Interface Traffic - Outbound", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": 0, + "show": true, + "$$hashKey": "object:353", + "decimals": 1 + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true, + "$$hashKey": "object:354" + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "decimals": 1, + "bars": false, + "dashes": false, + "error": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} From 690699ddf70b2239a356addf111616bc5a288718 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 17:17:23 -0400 Subject: [PATCH 165/266] update template vars to use regex for $servername --- salt/grafana/templates/containers.json | 4 ++-- salt/grafana/templates/cpucount.json | 4 ++-- salt/grafana/templates/manint.json | 4 ++-- salt/grafana/templates/monint.json | 4 ++-- salt/grafana/templates/servername_all.json | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/salt/grafana/templates/containers.json b/salt/grafana/templates/containers.json index 9cecddf8e..955c5c8e3 100644 --- a/salt/grafana/templates/containers.json +++ b/salt/grafana/templates/containers.json 
@@ -7,7 +7,7 @@ "value": [] }, "datasource": "InfluxDB", - "definition": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host = '$servername') AND (_tagKey = 'container_name'))", + "definition": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", "description": null, "error": null, "hide": 0, @@ -16,7 +16,7 @@ "multi": true, "name": "containers", "options": [], - "query": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host = '$servername') AND (_tagKey = 'container_name'))", + "query": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", "refresh": 1, "regex": "/so-*/", "skipUrlSync": false, diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json index 202ae7a49..c3917ebd7 100644 --- a/salt/grafana/templates/cpucount.json +++ b/salt/grafana/templates/cpucount.json @@ -2,7 +2,7 @@ "allValue": null, "current": {}, "datasource": "InfluxDB", - "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", + "definition": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" =~ /^$servername$/", "description": null, "error": null, "hide": 2, @@ -11,7 +11,7 @@ "multi": false, "name": "cpucount", "options": [], - "query": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" = '$servername'", + "query": "SELECT \"n_cpus\" FROM \"system\" WHERE \"host\" =~ /^$servername$/", "refresh": 1, "regex": "", "skipUrlSync": false, diff --git a/salt/grafana/templates/manint.json b/salt/grafana/templates/manint.json index e1578b3d7..cd88214ae 100644 --- a/salt/grafana/templates/manint.json +++ b/salt/grafana/templates/manint.json 
@@ -2,7 +2,7 @@ "allValue": null, "current": {}, "datasource": "InfluxDB", - "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", + "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "description": null, "error": null, "hide": 2, @@ -11,7 +11,7 @@ "multi": false, "name": "manint", "options": [], - "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", + "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "refresh": 1, "regex": "", "skipUrlSync": false, diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json index 68ceec062..b51ff5a61 100644 --- a/salt/grafana/templates/monint.json +++ b/salt/grafana/templates/monint.json @@ -2,7 +2,7 @@ "allValue": null, "current": {}, "datasource": "InfluxDB", - "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", + "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "description": null, "error": null, "hide": 2, @@ -11,7 +11,7 @@ "multi": false, "name": "monint", "options": [], - "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" = '$servername')", + "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "refresh": 1, "regex": "", "skipUrlSync": false, diff --git a/salt/grafana/templates/servername_all.json b/salt/grafana/templates/servername_all.json index c6c1c80f4..70c8c6210 100644 --- a/salt/grafana/templates/servername_all.json +++ b/salt/grafana/templates/servername_all.json @@ -7,7 +7,7 @@ "value": [] }, "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\"", + "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", "description": "", "error": null, "hide": 0, 
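Review bot: `manint` and `monint` stay single-valued (`"multi": false` in the context lines) while their queries now match every host selected in `$servername`, which the `servername_all.json` context shows is `"multi": true`. With several hosts selected the query can return one value per host, yet the variable presumably resolves to only one of them, so panels that filter on `/^$manint$/` would silently leave out hosts whose interface has a different name. If the overview is meant to cover hosts with differing interface names, these variables need to carry all returned values (for example `"multi": true` together with `"includeAll": true`), or the panels should not filter on the interface variable. The same applies to the `cpucount.json` hunks earlier in this commit.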
@@ -16,7 +16,7 @@ "multi": true, "name": "servername", "options": [], - "query": "show tag values with key=\"host\"", + "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", "refresh": 1, "regex": "", "skipUrlSync": false, From a528c5d54bddc6a9a909ca9426b2200f1e7026c1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 17:41:53 -0400 Subject: [PATCH 166/266] role first var for overview --- salt/grafana/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 350ff94ea..462d51f44 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -28,8 +28,8 @@ grafana: overview: templating: list: - - servername_all - role + - servername_all - containers - manint - monint From a6630540a4f8e5738716c75b17f87afe762478ac Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 21 Jul 2021 18:11:42 -0400 Subject: [PATCH 167/266] add system uptime graph to overview dash --- salt/grafana/defaults.yaml | 40 +++-- .../panels/system_uptime_graph.json.jinja | 154 ++++++++++++++++++ 2 files changed, 177 insertions(+), 17 deletions(-) create mode 100644 salt/grafana/panels/system_uptime_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 462d51f44..29678137e 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -36,109 +36,115 @@ grafana: - cpucount - disk panels: - row_cpu: + system_uptime_graph: gridPos: x: 0 y: 0 + h: 8 + w: 24 + row_cpu: + gridPos: + x: 0 + y: 8 h: 1 w: 24 cpu_usage_current_graph: gridPos: x: 0 - y: 1 + y: 8 h: 8 w: 24 io_wait_graph: gridPos: x: 0 - y: 9 + y: 17 h: 8 w: 24 cpu_usage_tasks_running_graph: gridPos: x: 0 - y: 17 + y: 25 h: 8 w: 24 cpu_usage_tasks_zombies_graph: gridPos: x: 0 - y: 25 + y: 33 h: 8 w: 12 cpu_usage_tasks_stopped_graph: gridPos: x: 12 - y: 25 + y: 33 h: 8 w: 12 cpu_usage_tasks_sleeping_graph: gridPos: x: 0 - y: 33 + y: 41 h: 8 w: 12 cpu_usage_tasks_blocked_graph: gridPos: x: 12 - y: 33 + y: 41 h: 8 w: 12 cpu_usage_tasks_paging_graph: gridPos: x: 0 - y: 41 + y: 49 h: 8 w: 12 cpu_usage_tasks_unknown_graph: gridPos: x: 12 - y: 41 + y: 49 h: 8 w: 12 row_memory: gridPos: x: 0 - y: 49 + y: 57 h: 1 w: 24 memory_usage_percent_graph: gridPos: x: 0 - y: 50 + y: 58 h: 8 w: 24 row_swap: gridPos: x: 0 - y: 58 + y: 64 h: 1 w: 24 swap_usage_percent_graph: gridPos: x: 0 - y: 59 + y: 65 h: 8 w: 24 row_network: gridPos: x: 0 - y: 67 + y: 73 h: 1 w: 24 management_interface_traffic_inbound_graph: gridPos: x: 0 - y: 68 + y: 74 h: 8 w: 24 management_interface_traffic_outbound_graph: gridPos: x: 0 - y: 76 + y: 82 h: 8 w: 24 diff --git a/salt/grafana/panels/system_uptime_graph.json.jinja b/salt/grafana/panels/system_uptime_graph.json.jinja new file mode 100644 index 000000000..74073651c --- /dev/null +++ b/salt/grafana/panels/system_uptime_graph.json.jinja 
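Review bot: The shift of 8 rows for the new uptime panel is not applied consistently, which leaves overlapping grid positions. `row_cpu` and `cpu_usage_current_graph` are both at `y: 8`; the graph should be `y: 9`, which also lines up with `io_wait_graph` at `y: 17`. `memory_usage_percent_graph` at `y: 58` with `h: 8` runs to 66 while `row_swap` is placed at `y: 64`, because everything from `row_swap` down was moved by 6 instead of 8. Consistent values would be `row_swap` 66, `swap_usage_percent_graph` 67, `row_network` 75 and the two management traffic graphs 76 and 84. Grafana may re-flow colliding panels on load, but the rendered order then depends on that behaviour rather than on this file.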
@@ -0,0 +1,154 @@ +{ + "type": "graph", + "title": "System Uptime", + "gridPos": { + "x": {{ PANELS.system_uptime_graph.gridPos.x }}, + "y": {{ PANELS.system_uptime_graph.gridPos.y }}, + "w": {{ PANELS.system_uptime_graph.gridPos.w }}, + "h": {{ PANELS.system_uptime_graph.gridPos.h }} + }, + "id": 69016, + "targets": [ + { + "refId": "A", + "queryType": "randomWalk", + "policy": "default", + "resultFormat": "time_series", + "orderByTime": "ASC", + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "groupBy": [ + { + "type": "time", + "params": [ + "$__interval" + ] + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "type": "fill", + "params": [ + "null" + ] + } + ], + "select": [ + [ + { + "type": "field", + "params": [ + "uptime" + ] + }, + { + "type": "last", + "params": [] + } + ] + ], + "measurement": "system", + "alias": "$tag_host $tag_role" + } + ], + "options": { + "alertThreshold": true + }, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "pluginVersion": "7.5.4", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": "0", + "max": "604800", + "format": "s", + "$$hashKey": "object:213", + "decimals": 1 + }, + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:214" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": true, + "min": false, + "max": false, + "current": true, + "total": false, + "avg": false, + "alignAsTable": true, + "rightSide": true + }, + 
"nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 1 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "fill": 0, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false, + "decimals": 1, + "description": "" +} From b89162e086bfbf46d99792bb8ff68cfaf5cde986 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 08:01:54 -0400 Subject: [PATCH 168/266] change id --- salt/grafana/panels/swap_usage_percent_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/swap_usage_percent_graph.json.jinja b/salt/grafana/panels/swap_usage_percent_graph.json.jinja index ebe5c1bd0..ffd45e6fa 100644 --- a/salt/grafana/panels/swap_usage_percent_graph.json.jinja +++ b/salt/grafana/panels/swap_usage_percent_graph.json.jinja @@ -7,7 +7,7 @@ "w": {{ PANELS.swap_usage_percent_graph.gridPos.w }}, "h": {{ PANELS.swap_usage_percent_graph.gridPos.h }} }, - "id": 69013, + "id": 69873, "targets": [ { "refId": "A", From a81ef0017c22c2d2ed068ed664a0329c252f689a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 09:15:22 -0400 Subject: [PATCH 169/266] rename panels source, reorg overview --- salt/grafana/defaults.yaml | 167 ++++++++++-------- ...gement_interface_traffic_graph.json.jinja} | 8 +- ...onitor_interface_traffic_graph.json.jinja} | 8 +- 3 files changed, 103 insertions(+), 80 deletions(-) rename salt/grafana/panels/{management_traffic_graph.json.jinja => management_interface_traffic_graph.json.jinja} (96%) rename salt/grafana/panels/{monitor_traffic_graph.json.jinja => monitor_interface_traffic_graph.json.jinja} (94%) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 29678137e..eecd2d1f5 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
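Review bot: The target carries `"queryType": "randomWalk"`, which looks like residue from a test-data panel and has no meaning for the InfluxDB `system` / `uptime` selection built below it; it should be removed. The left axis is also pinned to `"max": "604800"`, so a host that has been up for more than seven days plots off the top of the chart. If the panel exists to spot recent reboots, say so in `"description"` (currently empty); otherwise use `"max": null`. The `$$hashKey` entries under `yaxes` are export residue too.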
@@ -36,117 +36,140 @@ grafana: - cpucount - disk panels: - system_uptime_graph: + row_overview: gridPos: x: 0 y: 0 - h: 8 + h: 1 w: 24 - row_cpu: + system_uptime_graph: gridPos: x: 0 - y: 8 - h: 1 + y: 1 + h: 8 w: 24 cpu_usage_current_graph: gridPos: x: 0 - y: 8 + y: 9 h: 8 w: 24 - io_wait_graph: + memory_usage_percent_graph: gridPos: x: 0 y: 17 h: 8 w: 24 - cpu_usage_tasks_running_graph: + disk_usage_root_graph: gridPos: x: 0 y: 25 h: 8 w: 24 - cpu_usage_tasks_zombies_graph: + disk_usage_nsm_graph: gridPos: x: 0 y: 33 h: 8 - w: 12 - cpu_usage_tasks_stopped_graph: - gridPos: - x: 12 - y: 33 - h: 8 - w: 12 - cpu_usage_tasks_sleeping_graph: - gridPos: - x: 0 - y: 41 - h: 8 - w: 12 - cpu_usage_tasks_blocked_graph: - gridPos: - x: 12 - y: 41 - h: 8 - w: 12 - cpu_usage_tasks_paging_graph: - gridPos: - x: 0 - y: 49 - h: 8 - w: 12 - cpu_usage_tasks_unknown_graph: - gridPos: - x: 12 - y: 49 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 57 - h: 1 - w: 24 - memory_usage_percent_graph: - gridPos: - x: 0 - y: 58 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 64 - h: 1 w: 24 swap_usage_percent_graph: gridPos: x: 0 - y: 65 + y: 41 + h: 8 + w: 24 + io_wait_graph: + gridPos: + x: 0 + y: 49 h: 8 w: 24 row_network: gridPos: x: 0 - y: 73 + y: 57 h: 1 w: 24 management_interface_traffic_inbound_graph: gridPos: x: 0 - y: 74 + y: 58 h: 8 w: 24 management_interface_traffic_outbound_graph: gridPos: x: 0 - y: 82 + y: 58 h: 8 w: 24 + management_interface_drops_graph: + gridPos: + x: 0 + y: 58 + h: 8 + w: 24 + monitor_interface_traffic_inbound_graph: + gridPos: + x: 0 + y: 58 + h: 8 + w: 24 + monitor_interface_drops_graph: + gridPos: + x: 0 + y: 66 + h: 8 + w: 24 + + cpu_network: + gridPos: + x: 0 + y: 74 + h: 1 + w: 24 + cpu_usage_tasks_running_graph: + gridPos: + x: 0 + y: 75 + h: 8 + w: 24 + cpu_usage_tasks_zombies_graph: + gridPos: + x: 0 + y: 83 + h: 8 + w: 12 + cpu_usage_tasks_stopped_graph: + gridPos: + x: 12 + y: 83 + h: 8 + w: 12 + cpu_usage_tasks_sleeping_graph: + 
gridPos: + x: 0 + y: 91 + h: 8 + w: 12 + cpu_usage_tasks_blocked_graph: + gridPos: + x: 12 + y: 91 + h: 8 + w: 12 + cpu_usage_tasks_paging_graph: + gridPos: + x: 0 + y: 99 + h: 8 + w: 12 + cpu_usage_tasks_unknown_graph: + gridPos: + x: 12 + y: 99 + h: 8 + w: 12 standalone: @@ -319,7 +342,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -337,7 +360,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_traffic_graph: + monitor_interface_traffic_graph: gridPos: x: 0 y: 61 @@ -723,7 +746,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -1052,7 +1075,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -1399,7 +1422,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -1417,7 +1440,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_traffic_graph: + monitor_interface_traffic_graph: gridPos: x: 0 y: 61 @@ -1732,7 +1755,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -2047,7 +2070,7 @@ grafana: y: 44 h: 1 w: 24 - management_traffic_graph: + management_interface_traffic_graph: gridPos: x: 0 y: 45 @@ -2065,7 +2088,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_traffic_graph: + monitor_interface_traffic_graph: gridPos: x: 0 y: 61 diff --git a/salt/grafana/panels/management_traffic_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_graph.json.jinja similarity index 96% rename from salt/grafana/panels/management_traffic_graph.json.jinja rename to salt/grafana/panels/management_interface_traffic_graph.json.jinja index f8dedf55a..179a6fdc0 100644 --- a/salt/grafana/panels/management_traffic_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_graph.json.jinja 
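Review bot: In the reorganised network group four full-width panels share one grid cell: `management_interface_traffic_inbound_graph`, `management_interface_traffic_outbound_graph`, `management_interface_drops_graph` and `monitor_interface_traffic_inbound_graph` are all `x: 0`, `y: 58`, `h: 8`, `w: 24`, and `monitor_interface_drops_graph` follows at `y: 66`. Stepping them by their height (58, 66, 74, 82, 90) and moving the CPU row and task graphs down to match gives every panel its own position. The group also names `management_interface_drops_graph`, `monitor_interface_drops_graph`, `disk_usage_root_graph` and `disk_usage_nsm_graph`, and this commit adds no panel template for them, so confirm that matching files exist under `salt/grafana/panels/`.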
@@ -21,10 +21,10 @@ "fill": 1, "fillGradient": 0, "gridPos": { - "x": {{ PANELS.management_traffic_graph.gridPos.x }}, - "y": {{ PANELS.management_traffic_graph.gridPos.y }}, - "w": {{ PANELS.management_traffic_graph.gridPos.w }}, - "h": {{ PANELS.management_traffic_graph.gridPos.h }} + "x": {{ PANELS.management_interface_traffic_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_graph.gridPos.h }} }, "hiddenSeries": false, "id": 18, diff --git a/salt/grafana/panels/monitor_traffic_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_graph.json.jinja similarity index 94% rename from salt/grafana/panels/monitor_traffic_graph.json.jinja rename to salt/grafana/panels/monitor_interface_traffic_graph.json.jinja index b446f9a74..91ec7c4f1 100644 --- a/salt/grafana/panels/monitor_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_traffic_graph.json.jinja @@ -21,10 +21,10 @@ "fill": 1, "fillGradient": 0, "gridPos": { - "x": {{ PANELS.monitor_traffic_graph.gridPos.x }}, - "y": {{ PANELS.monitor_traffic_graph.gridPos.y }}, - "w": {{ PANELS.monitor_traffic_graph.gridPos.w }}, - "h": {{ PANELS.monitor_traffic_graph.gridPos.h }} + "x": {{ PANELS.monitor_interface_traffic_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_graph.gridPos.h }} }, "hiddenSeries": false, "id": 10, From e1e6304a8a3b096c1dd4e132d5ce5502e674f9bf Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 22 Jul 2021 09:29:37 -0400 Subject: [PATCH 170/266] rename --- salt/grafana/defaults.yaml | 18 +- ...t_interface_traffic_both_graph.json.jinja} | 8 +- ...r_interface_traffic_both_graph.json.jinja} | 8 +- ...interface_traffic_inbound_graph.json.jinja | 224 ++++++++++++++++++ 4 files changed, 241 insertions(+), 17 deletions(-) rename salt/grafana/panels/{management_interface_traffic_graph.json.jinja => management_interface_traffic_both_graph.json.jinja} (95%) rename salt/grafana/panels/{monitor_interface_traffic_graph.json.jinja => monitor_interface_traffic_both_graph.json.jinja} (93%) create mode 100644 salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index eecd2d1f5..bfd914a55 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -342,7 +342,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 @@ -360,7 +360,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_interface_traffic_graph: + monitor_interface_traffic_both_graph: gridPos: x: 0 y: 61 @@ -746,7 +746,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 @@ -1075,7 +1075,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 @@ -1422,7 +1422,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 @@ -1440,7 +1440,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_interface_traffic_graph: + monitor_interface_traffic_both_graph: gridPos: x: 0 y: 61 @@ -1755,7 +1755,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 
@@ -2070,7 +2070,7 @@ grafana: y: 44 h: 1 w: 24 - management_interface_traffic_graph: + management_interface_traffic_both_graph: gridPos: x: 0 y: 45 @@ -2088,7 +2088,7 @@ grafana: y: 53 h: 8 w: 12 - monitor_interface_traffic_graph: + monitor_interface_traffic_both_graph: gridPos: x: 0 y: 61 diff --git a/salt/grafana/panels/management_interface_traffic_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja similarity index 95% rename from salt/grafana/panels/management_interface_traffic_graph.json.jinja rename to salt/grafana/panels/management_interface_traffic_both_graph.json.jinja index 179a6fdc0..94e067d53 100644 --- a/salt/grafana/panels/management_interface_traffic_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja @@ -21,10 +21,10 @@ "fill": 1, "fillGradient": 0, "gridPos": { - "x": {{ PANELS.management_interface_traffic_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_traffic_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_traffic_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_traffic_graph.gridPos.h }} + "x": {{ PANELS.management_interface_traffic_both_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_traffic_both_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_traffic_both_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_traffic_both_graph.gridPos.h }} }, "hiddenSeries": false, "id": 18, diff --git a/salt/grafana/panels/monitor_interface_traffic_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja similarity index 93% rename from salt/grafana/panels/monitor_interface_traffic_graph.json.jinja rename to salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja index 91ec7c4f1..0c7fd3a0c 100644 --- a/salt/grafana/panels/monitor_interface_traffic_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja 
@@ -21,10 +21,10 @@ "fill": 1, "fillGradient": 0, "gridPos": { - "x": {{ PANELS.monitor_interface_traffic_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_traffic_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_traffic_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_traffic_graph.gridPos.h }} + "x": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.h }} }, "hiddenSeries": false, "id": 10, diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja new file mode 100644 index 000000000..bc84d89d1 --- /dev/null +++ b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja 
@@ -0,0 +1,224 @@ +{ + "aliasColors": { + "InBound": "#629E51", + "OutBound": "#5195CE", + "net.non_negative_derivative": "light-orange" + }, + "bars": false, + "maxDataPoints": 750, + "interval": "30s", + "dashLength": 10, + "dashes": false, + "datasource": "InfluxDB", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "x": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.h }} + }, + "hiddenSeries": false, + "id": 111845, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.4", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Inbound Current", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "net", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$monint" + 
} + ] + }, + { + "alias": "Inbound Trend", + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "net", + "orderByTime": "ASC", + "policy": "so_long_term", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "mean_bytes_recv" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + }, + { + "params": [ + "1s" + ], + "type": "non_negative_derivative" + }, + { + "params": [ + "*8" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=", + "value": "$servername" + }, + { + "condition": "AND", + "key": "interface", + "operator": "=", + "value": "$monint" + } + ] + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Monitor Interface Inbound Traffic", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } +} From 257a88ec8e6cf5ab90120e3801158325ce7da33f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 09:30:43 -0400 Subject: [PATCH 171/266] change row name --- salt/grafana/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index bfd914a55..71b63469f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -122,7 +122,7 @@ grafana: h: 8 w: 24 - cpu_network: + cpu_row: gridPos: x: 0 y: 74 From ae5f351e1a410e776c0a47648e75e545eebb9cc7 Mon Sep 17 00:00:00 2001 
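Review bot: Both targets filter with `"operator": "="` on `"$servername"` and `"$monint"`, while the management inbound and outbound panels and the template variables in this series use `=~` with `/^$servername$/`. `servername` is a multi-value variable, so an equality match against its expanded value is unlikely to match any host once more than one is selected, and the `defaults.yaml` change in the previous commit appears to place this panel in the overview layout where that is the normal case. Use `"operator": "=~", "value": "/^$servername$/"` and the same form for `$monint`. Consider also adding the `host` and `role` tag entries to `groupBy` with an alias such as `$tag_host $tag_role`, since the fixed aliases `Inbound Current` and `Inbound Trend` would average several hosts into one series.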
From: m0duspwnens Date: Thu, 22 Jul 2021 09:31:17 -0400 Subject: [PATCH 172/266] change row name --- salt/grafana/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 71b63469f..88608aee7 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -122,7 +122,7 @@ grafana: h: 8 w: 24 - cpu_row: + row_cpu: gridPos: x: 0 y: 74 From fa9d7afb46a6f6dfff675c6e18484356aff82511 Mon Sep 17 00:00:00 2001 From: doug Date: Fri, 16 Jul 2021 16:50:49 -0400 Subject: [PATCH 173/266] FIX: Airgap link to Release Notes #4685 --- salt/soc/files/soc/soc.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 36135b6e5..fc6d5f28d 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -91,9 +91,11 @@ {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", "cheatsheetUrl": "/docs/cheatsheet.pdf", + "releaseNotesUrl": "/docs/#release-notes", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", + "releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes", {%- endif %} "apiTimeoutMs": {{ API_TIMEOUT }}, "webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }}, From 257062e20c30e10cebc4a827e53a75301e57d181 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 22 Jul 2021 09:48:34 -0400 Subject: [PATCH 174/266] Update release notes link to match top right menu for airgap --- salt/soc/files/soc/motd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/motd.md b/salt/soc/files/soc/motd.md index ab9d6b843..fd95b089d 100644 --- a/salt/soc/files/soc/motd.md +++ b/salt/soc/files/soc/motd.md 
@@ -6,7 +6,7 @@ If you're ready to dive-in, take a look at the [Alerts](/#/alerts) interface to ## What's New -The release notes have moved to the upper-right menu. Click on the [What's New](/docs/#document-release-notes) menu option to find all the latest fixes and features in this version of Security Onion! +The release notes have moved to the upper-right menu. Click on the [What's New](/docs/#release-notes) menu option to find all the latest fixes and features in this version of Security Onion! ## Customize This Space From 3d3593a1a9f8edb658a3c2ec1b206d5c825e2bae Mon Sep 17 00:00:00 2001 From: doug Date: Mon, 12 Jul 2021 13:24:21 -0400 Subject: [PATCH 175/266] FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 --- salt/elasticsearch/files/ingest/suricata.dns | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns index 85229ee92..2f5958e2e 100644 --- a/salt/elasticsearch/files/ingest/suricata.dns +++ b/salt/elasticsearch/files/ingest/suricata.dns @@ -12,7 +12,7 @@ { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } }, { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } }, { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } }, - { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code", "ignore_missing": true } }, + { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } }, { "rename": { "field": "message2.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } }, { "rename": { "field": "message2.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } }, { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } }, 
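Review bot: Renaming the target of `message2.dns.rcode` to `dns.response.code_name` in salt/elasticsearch/files/ingest/suricata.dns only affects events ingested from now on. Suricata DNS documents already indexed keep the value in `dns.response.code`, so a saved query, dashboard or alert that filters on one name sees only one side of the upgrade. Nothing in this commit touches the consumers of the field, so it is worth confirming that the shipped searches use `dns.response.code_name` and adding a release-note line such as `Suricata DNS rcode is now stored in dns.response.code_name (was dns.response.code)`. The processor list continues outside the hunk.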
From aa333794f7df6b0f15ca54ab857db07da268a9f0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 09:54:17 -0400 Subject: [PATCH 176/266] add disk usage percent graphs --- salt/grafana/defaults.yaml | 4 +- .../disk_usage_nsm_percent_graph.json.jinja | 167 ++++++++++++++++++ .../disk_usage_root_percent_graph.json.jinja | 167 ++++++++++++++++++ 3 files changed, 336 insertions(+), 2 deletions(-) create mode 100644 salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja create mode 100644 salt/grafana/panels/disk_usage_root_percent_graph.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 88608aee7..f7fe1df9b 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -60,13 +60,13 @@ grafana: y: 17 h: 8 w: 24 - disk_usage_root_graph: + disk_usage_root_percent_graph: gridPos: x: 0 y: 25 h: 8 w: 24 - disk_usage_nsm_graph: + disk_usage_nsm_percent_graph: gridPos: x: 0 y: 33 diff --git a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja new file mode 100644 index 000000000..ff492bf52 --- /dev/null +++ b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja 
@@ -0,0 +1,167 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.h }} + }, + "id": 47230, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/nsm" + } + ], + "measurement": 
"disk" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Disk Usage /nsm", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:235", + "format": "percent", + "label": "", + "logBase": 1, + "max": "100", + "min": "0", + "show": true, + "decimals": 1 + }, + { + "$$hashKey": "object:236", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fill": 0, + "bars": false, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "timeFrom": null, + "timeShift": null, + "decimals": 1 +} diff --git a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja new file mode 100644 index 000000000..3aaa18f4d --- /dev/null +++ b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja 
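Review bot: The `"query"` string in the target of salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja does not match what the panel runs. With `"rawQuery": false` the builder fields apply (`used_percent`, tags on host, role and path), while the string selects `mean(total)` and `mean(used)`, has no role filter and matches the host with `/$servername$/`, missing the `^` anchor the tag uses. If the panel is ever switched to raw mode, that string is presumably what gets edited and run, and an end-only anchor lets one host name match any other that ends with it. Either drop `"query"` and the leftover `"queryType": "randomWalk"`, or align the string, e.g. `SELECT mean(\"used_percent\") FROM \"disk\" WHERE \"host\" =~ /^$servername$/ AND \"role\" =~ /^$role$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"role\" fill(null)`. The root panel added in the same commit (disk_usage_root_percent_graph.json.jinja) carries the same string with `'/'`.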
@@ -0,0 +1,167 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.disk_usage_root_percent_graph.gridPos.x }}, + "y": {{ PANELS.disk_usage_root_percent_graph.gridPos.y }}, + "w": {{ PANELS.disk_usage_root_percent_graph.gridPos.w }}, + "h": {{ PANELS.disk_usage_root_percent_graph.gridPos.h }} + }, + "id": 67830, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "steppedLine": true, + "targets": [ + { + "alias": "$tag_host $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + }, + { + "condition": "AND", + "key": "path", + "operator": "=", + "value": "/" + } + ], + "measurement": 
"disk" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Disk Usage /", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:235", + "format": "percent", + "label": "", + "logBase": 1, + "max": "100", + "min": "0", + "show": true, + "decimals": 1 + }, + { + "$$hashKey": "object:236", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fill": 0, + "bars": false, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "timeFrom": null, + "timeShift": null, + "decimals": 1 +} From ff436aea936aa8e9716da11c73532916fdf0c666 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 10:06:31 -0400 Subject: [PATCH 177/266] allow multi and all for manint and monint vars --- salt/grafana/templates/manint.json | 11 ++++++++--- salt/grafana/templates/monint.json | 11 ++++++++--- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/salt/grafana/templates/manint.json b/salt/grafana/templates/manint.json index cd88214ae..22015d274 100644 --- a/salt/grafana/templates/manint.json +++ b/salt/grafana/templates/manint.json @@ -1,14 +1,19 @@ { "allValue": null, - "current": {}, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, "datasource": "InfluxDB", "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "description": null, "error": null, "hide": 2, - "includeAll": false, + "includeAll": true, "label": "Management Interface", - "multi": false, + "multi": true, "name": "manint", "options": [], "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", 
diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json index b51ff5a61..417ea8e62 100644 --- a/salt/grafana/templates/monint.json +++ b/salt/grafana/templates/monint.json @@ -1,14 +1,19 @@ { "allValue": null, - "current": {}, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, "datasource": "InfluxDB", "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", "description": null, "error": null, "hide": 2, - "includeAll": false, + "includeAll": true, "label": "Monitor Interface", - "multi": false, + "multi": true, "name": "monint", "options": [], "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", From 1c460cc19c822d74c69908d95234a86f36f3b861 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 10:31:47 -0400 Subject: [PATCH 178/266] fix traffic overview graphs --- ...interface_traffic_inbound_graph.json.jinja | 34 ++--- ...nterface_traffic_outbound_graph.json.jinja | 28 ++-- ...interface_traffic_inbound_graph.json.jinja | 142 +++++++----------- 3 files changed, 84 insertions(+), 120 deletions(-) diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja index f6a396ea2..287666290 100644 --- a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja @@ -6,6 +6,7 @@ }, "dashLength": 10, "datasource": "InfluxDB", + "decimals": 1, "editable": true, "fieldConfig": { "defaults": { @@ -23,9 +24,9 @@ "interval": "30s", "legend": { "alignAsTable": true, - "avg": true, + "avg": false, "current": true, - "max": true, + "max": false, "min": false, "rightSide": true, "show": true, 
@@ -40,7 +41,7 @@ "maxDataPoints": 750, "nullPointMode": "connected", "options": { - "alertThreshold": true + "alertThreshold": false }, "pluginVersion": "7.5.4", "pointradius": 5, @@ -49,7 +50,7 @@ "spaceLength": 10, "targets": [ { - "alias": "$tag_host $tag_role $manint", + "alias": "$tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -59,16 +60,16 @@ "type": "time" }, { - "type": "tag", "params": [ "host" - ] + ], + "type": "tag" }, { - "type": "tag", "params": [ "role" - ] + ], + "type": "tag" }, { "params": [ @@ -80,6 +81,8 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$manint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "A", "resultFormat": "time_series", "select": [ @@ -126,9 +129,7 @@ "operator": "=~", "value": "/^$role$/" } - ], - "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$manint') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false + ] } ], "thresholds": [], @@ -150,29 +151,28 @@ }, "yaxes": [ { + "$$hashKey": "object:353", + "decimals": 1, "format": "bps", "logBase": 1, "max": null, "min": 0, - "show": true, - "$$hashKey": "object:353", - "decimals": 1 + "show": true }, { + "$$hashKey": "object:354", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, - "show": true, - "$$hashKey": "object:354" + "show": true } ], "yaxis": { "align": false, "alignLevel": null }, - "decimals": 1, "bars": false, "dashes": false, "error": false, diff --git a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja index 045c3e7a1..87ad16750 100644 --- a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja 
+++ b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja @@ -6,6 +6,7 @@ }, "dashLength": 10, "datasource": "InfluxDB", + "decimals": 1, "editable": true, "fieldConfig": { "defaults": { @@ -23,9 +24,9 @@ "interval": "30s", "legend": { "alignAsTable": true, - "avg": true, + "avg": false, "current": true, - "max": true, + "max": false, "min": false, "rightSide": true, "show": true, @@ -40,7 +41,7 @@ "maxDataPoints": 750, "nullPointMode": "connected", "options": { - "alertThreshold": true + "alertThreshold": false }, "pluginVersion": "7.5.4", "pointradius": 5, @@ -49,7 +50,7 @@ "spaceLength": 10, "targets": [ { - "alias": "$tag_host $tag_role $manint", + "alias": "$tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -59,16 +60,16 @@ "type": "time" }, { - "type": "tag", "params": [ "host" - ] + ], + "type": "tag" }, { - "type": "tag", "params": [ "role" - ] + ], + "type": "tag" }, { "params": [ @@ -148,29 +149,28 @@ }, "yaxes": [ { + "$$hashKey": "object:353", + "decimals": 1, "format": "bps", "logBase": 1, "max": null, "min": 0, - "show": true, - "$$hashKey": "object:353", - "decimals": 1 + "show": true }, { + "$$hashKey": "object:354", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, - "show": true, - "$$hashKey": "object:354" + "show": true } ], "yaxis": { "align": false, "alignLevel": null }, - "decimals": 1, "bars": false, "dashes": false, "error": false, diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja index bc84d89d1..6ef26c5ee 100644 --- a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja 
@@ -2,61 +2,55 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.non_negative_derivative": "light-orange" + "net.non_negative_derivative": "super-light-blue" }, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", "dashLength": 10, - "dashes": false, "datasource": "InfluxDB", + "decimals": 1, "editable": true, - "error": false, "fieldConfig": { "defaults": { "links": [] }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "x": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.x }}, "y": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.y }}, "w": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.w }}, "h": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.h }} }, - "hiddenSeries": false, - "id": 111845, + "id": 188188, + "interval": "30s", "legend": { "alignAsTable": true, - "avg": true, + "avg": false, "current": true, - "max": true, - "min": true, + "max": false, + "min": false, + "rightSide": true, "show": true, + "sort": "current", + "sortDesc": true, "total": false, "values": true }, "lines": true, "linewidth": 2, "links": [], + "maxDataPoints": 750, "nullPointMode": "connected", "options": { - "alertThreshold": true + "alertThreshold": false }, - "percentage": false, "pluginVersion": "7.5.4", "pointradius": 5, - "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { - "alias": "Inbound Current", + "alias": "$tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -65,6 +59,18 @@ ], "type": "time" }, + { + "params": [ + "host" + ], + "type": "tag" + }, + { + "params": [ + "role" + ], + "type": "tag" + }, { "params": [ "null" 
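Review bot: The rewritten target in monitor_interface_traffic_inbound_graph.json.jinja groups by `host` and `role` but not by `interface`, and its alias is `$tag_host $tag_role`. A later hunk of this file filters the interface with the regex `/^$monint$/`, and the `monint` template variable was made multi-value in salt/grafana/templates/monint.json. A sensor with more than one monitor interface would therefore have its counters averaged into one series before the derivative is taken, which reads lower than the real aggregate (the `select` list is outside this hunk, so this assumes the mean/derivative chain shown in the `query` string). Adding `{ "params": ["interface"], "type": "tag" }` to `groupBy` and `$tag_interface` to the alias keeps one line per interface. The two management traffic panels changed in this commit use the same `groupBy`.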
@@ -75,6 +81,8 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", + "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, "refId": "A", "resultFormat": "time_series", "select": [ @@ -106,90 +114,31 @@ "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" }, { "condition": "AND", "key": "interface", - "operator": "=", - "value": "$monint" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$monint$/" }, { "condition": "AND", - "key": "interface", - "operator": "=", - "value": "$monint" + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, - "title": "Monitor Interface Inbound Traffic", + "title": "Monitor Interface Traffic - Inbound", "tooltip": { "msResolution": true, "shared": true, - "sort": 0, + "sort": 2, "value_type": "cumulative" }, "type": "graph", 
@@ -202,13 +151,16 @@ }, "yaxes": [ { + "$$hashKey": "object:353", + "decimals": 1, "format": "bps", "logBase": 1, "max": null, - "min": null, + "min": 0, "show": true }, { + "$$hashKey": "object:354", "format": "short", "label": null, "logBase": 1, @@ -220,5 +172,17 @@ "yaxis": { "align": false, "alignLevel": null - } + }, + "bars": false, + "dashes": false, + "error": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } From 578c7aac35608c2c3ddeec01127812725ccf32e2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Jul 2021 13:06:26 -0400 Subject: [PATCH 179/266] 2.3.61 --- VERIFY_ISO.md | 22 +++++++++++----------- sigs/securityonion-2.3.61.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.61.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 1e35ea1c7..f71c088cf 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,18 +1,18 @@ -### 2.3.60-CURATORAUTH ISO image built on 2021/07/19 +### 2.3.61 ISO image built on 2021/07/22 ### Download and Verify -2.3.60-CURATORAUTH ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.60-CURATORAUTH.iso +2.3.61 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso -MD5: 953DD42AB3A3560BB35F4E9F69212AE3 -SHA1: 5D18B98B19FD7F8C799E88FC28ABC46990FC6B9B -SHA256: E26F43F969241985DC74915842492F876EC7B8CBAF5F2F52405554E7C92408C2 +MD5: 538F29F3AB57087FC879108FFC81447C +SHA1: C2239206572CBEB697CFA2A4850A16A54BF5FB0D +SHA256: F5035361B63D1EE8D87CE7B0D8333E521A44453274785B62630CAC76C1BEA929 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60-CURATORAUTH.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.60-CURATORAUTH.iso.sig securityonion-2.3.60-CURATORAUTH.iso +gpg --verify securityonion-2.3.61.iso.sig securityonion-2.3.61.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 19 Jul 2021 01:25:34 PM EDT using RSA key ID FE507013 +gpg: Signature made Thu 22 Jul 2021 10:28:58 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.61.iso.sig b/sigs/securityonion-2.3.61.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..4e191e92e47c6afafbeb0f041867b484d8f36da4 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;9CfT{or2@re`V7LBIa1+~%5BvOM0jYh4l-9AQB5Zui0q#+#cO zjA&c*#$Ko|PEbmw-|;@3r^+uHAs$u|m$KoxR{?t6Sng!TGgKH@aC3RuidTnh(4lCQ zGT3bQpumljQvi@Ha2Tl)GjY zlGEO}XfzK#06-cma3eu(hKWb1wUu%j9UKv8$zH`yJ3j6XFsEM3i4CW|*0^5;0 z_g_U!Bb1Z?uz&%rR0(JlZ literal 0 HcmV?d00001 From 9ae84c810836a0dc16eb6d879b0988cbbec9d627 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 22 Jul 2021 13:16:39 -0400 Subject: [PATCH 180/266] add network and tool packetloss panels to overview --- salt/grafana/defaults.yaml | 74 ++++++--- ...t_interface_drops_inbound_graph.json.jinja | 143 ++++++++++++++++++ ..._interface_drops_outbound_graph.json.jinja | 143 ++++++++++++++++++ ...interface_traffic_inbound_graph.json.jinja | 2 +- ...r_interface_drops_inbound_graph.json.jinja | 141 +++++++++++++++++ salt/grafana/panels/row_packetloss.json.jinja | 15 ++ 6 files changed, 499 insertions(+), 19 deletions(-) create mode 100644 salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja create mode 100644 salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja create mode 100644 salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja create mode 100644 salt/grafana/panels/row_packetloss.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index f7fe1df9b..bc82f4272 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -100,74 +100,112 @@ grafana: management_interface_traffic_outbound_graph: gridPos: x: 0 - y: 58 + y: 64 h: 8 w: 24 - management_interface_drops_graph: + management_interface_drops_inbound_graph: gridPos: x: 0 - y: 58 + y: 72 h: 8 w: 24 + management_interface_drops_outbound_graph: + gridPos: + x: 0 + y: 80 + h: 8 + w: 24 + monitor_interface_traffic_inbound_graph: gridPos: x: 0 - y: 58 - h: 8 - w: 24 - monitor_interface_drops_graph: - gridPos: - x: 0 - y: 66 + y: 88 h: 8 w: 24 + monitor_interface_traffic_outbound_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + monitor_interface_drops_inbound_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + + row_packetloss: + gridPos: + x: 0 + y: 112 + h: 1 + w: 24 + zeek_packet_loss_graph: + gridPos: + x: 0 + y: 113 + h: 8 + w: 24 + suricata_packetloss_graph: + gridPos: + x: 0 + y: 121 + h: 8 + w: 12 + stenographer_packetloss_graph: + gridPos: + x: 12 + y: 129 + h: 8 + w: 12 row_cpu: gridPos: x: 0 - y: 74 + y: 999 h: 1 w: 24 cpu_usage_tasks_running_graph: gridPos: x: 0 - y: 75 + y: 1000 h: 8 w: 24 cpu_usage_tasks_zombies_graph: gridPos: x: 0 - y: 83 + y: 1008 h: 8 w: 12 cpu_usage_tasks_stopped_graph: gridPos: x: 12 - y: 83 + y: 1008 h: 8 w: 12 cpu_usage_tasks_sleeping_graph: gridPos: x: 0 - y: 91 + y: 1016 h: 8 w: 12 cpu_usage_tasks_blocked_graph: gridPos: x: 12 - y: 91 + y: 1016 h: 8 w: 12 cpu_usage_tasks_paging_graph: gridPos: x: 0 - y: 99 + y: 1024 h: 8 w: 12 cpu_usage_tasks_unknown_graph: gridPos: x: 12 - y: 99 + y: 1024 h: 8 w: 12 diff --git a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja new file mode 100644 index 000000000..3ec958adc --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja 
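Review bot: `stenographer_packetloss_graph` is placed at `x: 12`, `y: 129` with `w: 12`, while its half-width neighbour `suricata_packetloss_graph` sits at `x: 0`, `y: 121`. The other half-width pairs in this file share one `y` (for example the zombies and stopped task graphs), so this looks like it was meant to be `y: 121`. Grafana may compact the gap, but the defaults then no longer describe the intended layout. The hunk also removes the `management_interface_drops_graph` and `monitor_interface_drops_graph` keys, so any panel template still reading `PANELS.management_interface_drops_graph.gridPos` or its monitor counterpart would fail to render; that cannot be checked from this hunk.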
@@ -0,0 +1,143 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.management_interface_drops_inbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_inbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_inbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_inbound_graph.gridPos.h }} + }, + "id": 61877, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [ + { + "$$hashKey": "object:592", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Management Interface Drops - Inbound", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, 
+ "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:500", + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:501", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true, + "decimals": 0 + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fill": 0, + "bars": false, + "dashes": false, + "decimals": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja new file mode 100644 index 000000000..3e59e1136 --- /dev/null +++ b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja 
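Review bot: The raw query in salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja filters with unanchored regexes (`host =~ /$servername/ AND interface =~ /$manint/ AND role =~ /$role/`), so a selected value also matches any host, interface or role name that merely contains it. Because the result is grouped by host and role only, those extra interfaces are averaged into the same series. The `seriesOverrides` entry that hides alias `/veth/` does not compensate, since the alias is `$tag_host: $tag_role` and carries no interface name. Anchoring the way the builder tags in the traffic panels do, `host =~ /^$servername$/ AND interface =~ /^$manint$/ AND role =~ /^$role$/`, keeps drop counts attributed to the selected sensor and interface. The outbound management and inbound monitor drops panels added in this commit use the same pattern.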
@@ -0,0 +1,143 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.management_interface_drops_outbound_graph.gridPos.x }}, + "y": {{ PANELS.management_interface_drops_outbound_graph.gridPos.y }}, + "w": {{ PANELS.management_interface_drops_outbound_graph.gridPos.w }}, + "h": {{ PANELS.management_interface_drops_outbound_graph.gridPos.h }} + }, + "id": 188189, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [ + { + "$$hashKey": "object:592", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Management Interface Drops - Outbound", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + 
"mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:500", + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:501", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true, + "decimals": 0 + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fill": 0, + "bars": false, + "dashes": false, + "decimals": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja index 287666290..863644e58 100644 --- a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja @@ -24,7 +24,7 @@ "interval": "30s", "legend": { "alignAsTable": true, - "avg": false, + "avg": true, "current": true, "max": false, "min": false, diff --git a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja new file mode 100644 index 000000000..42b274bbb --- /dev/null +++ b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja 
@@ -0,0 +1,141 @@ +{ + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "x": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.x }}, + "y": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.y }}, + "w": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.w }}, + "h": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.h }} + }, + "id": 188190, + "interval": "30s", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true, + "rightSide": true + }, + "lines": true, + "linewidth": 1, + "maxDataPoints": 750, + "nullPointMode": "connected", + "options": { + "alertThreshold": false + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [ + { + "$$hashKey": "object:592", + "alias": "/veth/", + "hiddenSeries": true, + "legend": false + } + ], + "spaceLength": 10, + "targets": [ + { + "alias": "$tag_host: $tag_role", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "queryType": "randomWalk", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Monitor Interface Drops - Inbound", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + 
"values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:500", + "format": "pps", + "label": "Drops per second", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:501", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true, + "decimals": 0 + } + ], + "yaxis": { + "align": false, + "alignLevel": null + }, + "fill": 0, + "bars": false, + "dashes": false, + "decimals": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null +} diff --git a/salt/grafana/panels/row_packetloss.json.jinja b/salt/grafana/panels/row_packetloss.json.jinja new file mode 100644 index 000000000..4eafeeca8 --- /dev/null +++ b/salt/grafana/panels/row_packetloss.json.jinja @@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_packetloss.gridPos.x }}, + "y": {{ PANELS.row_packetloss.gridPos.y }}, + "w": {{ PANELS.row_packetloss.gridPos.w }}, + "h": {{ PANELS.row_packetloss.gridPos.h }} + }, + "id": 816341, + "panels": [], + "repeat": null, + "title": "Packet Loss", + "type": "row" + } From d47566f667d7ab4af28f7f599a27c375c91e6744 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 13:18:31 -0400 Subject: [PATCH 181/266] remove monitor inbound graph --- salt/grafana/defaults.yaml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index bc82f4272..7111743e6 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -115,48 +115,41 @@ grafana: y: 80 h: 8 w: 24 - monitor_interface_traffic_inbound_graph: gridPos: x: 0 y: 88 h: 8 w: 24 - monitor_interface_traffic_outbound_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 monitor_interface_drops_inbound_graph: gridPos: x: 0 - y: 104 + y: 96 h: 8 w: 24 row_packetloss: gridPos: x: 0 - y: 112 + y: 104 h: 1 w: 24 zeek_packet_loss_graph: gridPos: x: 0 - y: 113 + y: 105 h: 8 w: 24 suricata_packetloss_graph: gridPos: x: 0 - y: 121 + y: 113 h: 8 w: 12 stenographer_packetloss_graph: gridPos: x: 12 - y: 129 + y: 121 h: 8 w: 12 From 44eb23615a063fc4ddc8a4c18d0bd0da4c9ddce3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 13:20:19 -0400 Subject: [PATCH 182/266] change to packet_loss --- salt/grafana/defaults.yaml | 6 +++--- salt/grafana/panels/row_packet_loss.json.jinja | 15 +++++++++++++++ salt/grafana/panels/row_packetloss.json.jinja | 15 --------------- 3 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 salt/grafana/panels/row_packet_loss.json.jinja delete mode 100644 salt/grafana/panels/row_packetloss.json.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 7111743e6..bb406e672 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -128,7 +128,7 @@ grafana: h: 8 w: 24 - row_packetloss: + row_packet_loss: gridPos: x: 0 y: 104 @@ -140,13 +140,13 @@ grafana: y: 105 h: 8 w: 24 - suricata_packetloss_graph: + suricata_packet_loss_graph: gridPos: x: 0 y: 113 h: 8 w: 12 - stenographer_packetloss_graph: + stenographer_packet_loss_graph: gridPos: x: 12 y: 121 diff --git a/salt/grafana/panels/row_packet_loss.json.jinja b/salt/grafana/panels/row_packet_loss.json.jinja new file mode 100644 index 000000000..b9d2c8a96 --- /dev/null +++ b/salt/grafana/panels/row_packet_loss.json.jinja 
@@ -0,0 +1,15 @@ +{ + "collapsed": false, + "datasource": null, + "gridPos": { + "x": {{ PANELS.row_packet_loss.gridPos.x }}, + "y": {{ PANELS.row_packet_loss.gridPos.y }}, + "w": {{ PANELS.row_packet_loss.gridPos.w }}, + "h": {{ PANELS.row_packet_loss.gridPos.h }} + }, + "id": 816341, + "panels": [], + "repeat": null, + "title": "Packet Loss", + "type": "row" + } diff --git a/salt/grafana/panels/row_packetloss.json.jinja b/salt/grafana/panels/row_packetloss.json.jinja deleted file mode 100644 index 4eafeeca8..000000000 --- a/salt/grafana/panels/row_packetloss.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_packetloss.gridPos.x }}, - "y": {{ PANELS.row_packetloss.gridPos.y }}, - "w": {{ PANELS.row_packetloss.gridPos.w }}, - "h": {{ PANELS.row_packetloss.gridPos.h }} - }, - "id": 816341, - "panels": [], - "repeat": null, - "title": "Packet Loss", - "type": "row" - } From 7dc2e2ca73dd08647f37be11898617239a3d96b3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 13:35:25 -0400 Subject: [PATCH 183/266] add option to hide trend on zeek packet loss graph --- salt/grafana/defaults.yaml | 1 + .../panels/zeek_packet_loss_graph.json.jinja | 47 ++++++++++--------- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index bb406e672..f9fb4ee30 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -140,6 +140,7 @@ grafana: y: 105 h: 8 w: 24 + hideTrend: true suricata_packet_loss_graph: gridPos: x: 0 diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index b8d9f67ef..56ac95630 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja 
@@ -1,11 +1,6 @@ { "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "cacheTimeout": null, "dashLength": 10, - "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { @@ -14,15 +9,14 @@ "overrides": [] }, "fill": 1, - "fillGradient": 0, "gridPos": { "x": {{ PANELS.zeek_packet_loss_graph.gridPos.x }}, "y": {{ PANELS.zeek_packet_loss_graph.gridPos.y }}, "w": {{ PANELS.zeek_packet_loss_graph.gridPos.w }}, "h": {{ PANELS.zeek_packet_loss_graph.gridPos.h }} }, - "hiddenSeries": false, "id": 2022, + "interval": "30s", "legend": { "alignAsTable": true, "avg": true, @@ -40,14 +34,13 @@ "lines": true, "linewidth": 1, "links": [], + "maxDataPoints": 750, "nullPointMode": "connected", "options": { "alertThreshold": true }, - "percentage": false, "pluginVersion": "7.5.4", "pointradius": 2, - "points": false, "renderer": "flot", "seriesOverrides": [ { @@ -55,12 +48,11 @@ "dashLength": 4, "dashes": true, "fill": 0, - "linewidth": 4 + "linewidth": 4, + "$$hashKey": "object:314" } ], "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "alias": "Loss Current", @@ -107,8 +99,8 @@ "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" } ] }, @@ -129,7 +121,7 @@ "type": "fill" } ], - "hide": false, + "hide": {% PANELS.zeek_packet_loss_graph.get('hideTrend', false) %}, "measurement": "zeekdrop", "orderByTime": "ASC", "policy": "so_long_term", @@ -158,16 +150,14 @@ "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" } ] } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, "title": "Zeek Packet Loss", "tooltip": { "shared": true, @@ -190,7 +180,8 @@ "logBase": 1, "max": null, "min": 0, - "show": true + "show": true, + "$$hashKey": "object:327" }, { "format": "short", 
@@ -198,11 +189,23 @@ "logBase": 1, "max": null, "min": null, - "show": false + "show": false, + "$$hashKey": "object:328" } ], "yaxis": { "align": false, "alignLevel": null - } + }, + "bars": false, + "cacheTimeout": null, + "dashes": false, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } From 7b38b4e280e54b25bf7e32216d562f62809b78fe Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 13:36:44 -0400 Subject: [PATCH 184/266] fix {{}} --- salt/grafana/panels/zeek_packet_loss_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index 56ac95630..95df0ce3a 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -121,7 +121,7 @@ "type": "fill" } ], - "hide": {% PANELS.zeek_packet_loss_graph.get('hideTrend', false) %}, + "hide": {{ PANELS.zeek_packet_loss_graph.get('hideTrend', false) }}, "measurement": "zeekdrop", "orderByTime": "ASC", "policy": "so_long_term", From 7a753a56ece051427440b95e657b0b291ae2493f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 22 Jul 2021 13:53:58 -0400 Subject: [PATCH 185/266] Update README with 2.3.61 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4bff52b20..b3a31cbf8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.60 +## Security Onion 2.3.61 -Security Onion 2.3.60 is here! +Security Onion 2.3.61 is here! ## Screenshots From 191def686bb4be412e19796dca7952f83a7e5dcd Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 22 Jul 2021 15:02:06 -0400 Subject: [PATCH 186/266] add packet loss panels --- salt/grafana/defaults.yaml | 10 +- .../stenographer_packet_loss_graph.json.jinja | 111 ++++++++++++------ .../suricata_packet_loss_graph.json.jinja | 99 +++++++++++----- .../panels/zeek_packet_loss_graph.json.jinja | 66 ++++++++--- 4 files changed, 204 insertions(+), 82 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index f9fb4ee30..c89559bc7 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -147,12 +147,14 @@ grafana: y: 113 h: 8 w: 12 + hideTrend: true stenographer_packet_loss_graph: gridPos: x: 12 y: 121 h: 8 - w: 12 + w: 1 + hideTrend: true row_cpu: gridPos: @@ -208,6 +210,7 @@ grafana: templating: list: - servername_standalone + - role - containers - manint - monint @@ -642,6 +645,7 @@ grafana: templating: list: - servername_manager + - role - containers - manint - monint @@ -971,6 +975,7 @@ grafana: templating: list: - servername_managersearch + - role - containers - manint - monint @@ -1300,6 +1305,7 @@ grafana: templating: list: - servername_sensor + - role - containers - manint - monint @@ -1651,6 +1657,7 @@ grafana: templating: list: - servername_searchnode + - role - containers - manint - monint @@ -1936,6 +1943,7 @@ grafana: templating: list: - servername_heavynode + - role - containers - manint - monint diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index 53d539a4d..5b540262d 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -1,11 +1,6 @@ { "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "cacheTimeout": null, "dashLength": 10, - "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { 
@@ -13,24 +8,22 @@ }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "x": {{ PANELS.stenographer_packet_loss_graph.gridPos.x }}, "y": {{ PANELS.stenographer_packet_loss_graph.gridPos.y }}, "w": {{ PANELS.stenographer_packet_loss_graph.gridPos.w }}, "h": {{ PANELS.stenographer_packet_loss_graph.gridPos.h }} }, - "hiddenSeries": false, "id": 19, + "interval": "30s", "legend": { "alignAsTable": true, "avg": true, "current": true, "hideEmpty": true, - "max": true, + "max": false, "min": false, - "rightSide": false, + "rightSide": true, "show": true, "sort": "current", "sortDesc": true, @@ -40,14 +33,13 @@ "lines": true, "linewidth": 1, "links": [], + "maxDataPoints": 750, "nullPointMode": "connected", "options": { "alertThreshold": true }, - "percentage": false, "pluginVersion": "7.5.4", "pointradius": 2, - "points": false, "renderer": "flot", "seriesOverrides": [ { @@ -55,15 +47,14 @@ "dashLength": 4, "dashes": true, "fill": 0, - "linewidth": 4 + "linewidth": 4, + "$$hashKey": "object:2274" } ], "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { - "alias": "Loss Current", + "alias": "Current $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -72,6 +63,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -87,27 +90,33 @@ "select": [ [ { + "type": "field", "params": [ "drop" - ], - "type": "field" + ] }, { - "params": [], - "type": "last" + "type": "mean", + "params": [] } ] ], "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] }, { - "alias": "Loss Trend", + "alias": "Trend $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { 
@@ -116,6 +125,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -123,7 +144,7 @@ "type": "fill" } ], - "hide": false, + "hide": {{ PANELS.stenographer_packet_loss_graph.get('hideTrend', false)|json }},, "measurement": "stenodrop", "orderByTime": "ASC", "policy": "so_long_term", @@ -132,34 +153,38 @@ "select": [ [ { + "type": "field", "params": [ "mean_drop" - ], - "type": "field" + ] }, { - "params": [], - "type": "last" + "type": "mean", + "params": [] } ] ], "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, "title": "Stenographer Packet Loss", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -178,7 +203,8 @@ "logBase": 1, "max": null, "min": 0, - "show": true + "show": true, + "$$hashKey": "object:2287" }, { "format": "short", @@ -186,11 +212,24 @@ "logBase": 1, "max": null, "min": null, - "show": false + "show": false, + "$$hashKey": "object:2288" } ], "yaxis": { "align": false, "alignLevel": null - } + }, + "bars": false, + "cacheTimeout": null, + "dashes": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja index 42ba5fefb..e9ec68e31 100644 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja 
@@ -1,11 +1,6 @@ { "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "cacheTimeout": null, "dashLength": 10, - "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { @@ -13,24 +8,22 @@ }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "x": {{ PANELS.suricata_packet_loss_graph.gridPos.x }}, "y": {{ PANELS.suricata_packet_loss_graph.gridPos.y }}, "w": {{ PANELS.suricata_packet_loss_graph.gridPos.w }}, "h": {{ PANELS.suricata_packet_loss_graph.gridPos.h }} }, - "hiddenSeries": false, "id": 21, + "interval": "30s", "legend": { "alignAsTable": true, "avg": true, "current": true, "hideEmpty": true, - "max": true, + "max": false, "min": false, - "rightSide": false, + "rightSide": true, "show": true, "sort": "current", "sortDesc": true, @@ -40,14 +33,13 @@ "lines": true, "linewidth": 1, "links": [], + "maxDataPoints": 750, "nullPointMode": "connected", "options": { "alertThreshold": true }, - "percentage": false, "pluginVersion": "7.5.4", "pointradius": 2, - "points": false, "renderer": "flot", "seriesOverrides": [ { @@ -55,15 +47,14 @@ "dashLength": 4, "dashes": true, "fill": 0, - "linewidth": 4 + "linewidth": 4, + "$$hashKey": "object:1059" } ], "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { - "alias": "Loss Current", + "alias": "Current $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -72,6 +63,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -94,7 +97,7 @@ }, { "params": [], - "type": "last" + "type": "mean" }, { "params": [ 
@@ -107,13 +110,19 @@ "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] }, { - "alias": "Loss Trend", + "alias": "Trend $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -122,6 +131,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -129,7 +150,7 @@ "type": "fill" } ], - "hide": false, + "hide": {{ PANELS.suricata_packet_loss_graph.get('hideTrend', false)|json }}, "measurement": "suridrop", "orderByTime": "ASC", "policy": "so_long_term", @@ -145,7 +166,7 @@ }, { "params": [], - "type": "last" + "type": "mean" }, { "params": [ @@ -158,20 +179,24 @@ "tags": [ { "key": "host", - "operator": "=", - "value": "$servername" + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] } ], "thresholds": [], - "timeFrom": null, "timeRegions": [], - "timeShift": null, "title": "Suricata Packet Loss", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -189,7 +214,8 @@ "logBase": 1, "max": null, "min": 0, - "show": true + "show": true, + "$$hashKey": "object:1072" }, { "format": "short", @@ -197,11 +223,24 @@ "logBase": 1, "max": null, "min": null, - "show": false + "show": false, + "$$hashKey": "object:1073" } ], "yaxis": { "align": false, "alignLevel": null - } + }, + "bars": false, + "cacheTimeout": null, + "dashes": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, + "percentage": false, + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index 95df0ce3a..89d1d57f1 100644 
--- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -8,7 +8,6 @@ }, "overrides": [] }, - "fill": 1, "gridPos": { "x": {{ PANELS.zeek_packet_loss_graph.gridPos.x }}, "y": {{ PANELS.zeek_packet_loss_graph.gridPos.y }}, @@ -22,9 +21,9 @@ "avg": true, "current": true, "hideEmpty": true, - "max": true, + "max": false, "min": false, - "rightSide": false, + "rightSide": true, "show": true, "sort": "current", "sortDesc": true, @@ -44,18 +43,18 @@ "renderer": "flot", "seriesOverrides": [ { + "$$hashKey": "object:314", "alias": "/Trend/", "dashLength": 4, "dashes": true, "fill": 0, - "linewidth": 4, - "$$hashKey": "object:314" + "linewidth": 4 } ], "spaceLength": 10, "targets": [ { - "alias": "Loss Current", + "alias": "Current $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -64,6 +63,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -86,7 +97,7 @@ }, { "params": [], - "type": "last" + "type": "mean" }, { "params": [ @@ -101,11 +112,17 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] }, { - "alias": "Loss Trend", + "alias": "Trend $tag_host $tag_role", "dsType": "influxdb", "groupBy": [ { @@ -114,6 +131,18 @@ ], "type": "time" }, + { + "type": "tag", + "params": [ + "host" + ] + }, + { + "type": "tag", + "params": [ + "role" + ] + }, { "params": [ "null" @@ -121,7 +150,7 @@ "type": "fill" } ], - "hide": {{ PANELS.zeek_packet_loss_graph.get('hideTrend', false) }}, + "hide": {{ PANELS.zeek_packet_loss_graph.get('hideTrend', false)|json }}, "measurement": "zeekdrop", "orderByTime": "ASC", "policy": "so_long_term", @@ -137,7 +166,7 @@ }, { "params": [], - "type": "last" + "type": "mean" }, { "params": [ 
@@ -152,6 +181,12 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" } ] } @@ -161,7 +196,7 @@ "title": "Zeek Packet Loss", "tooltip": { "shared": true, - "sort": 0, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -174,23 +209,23 @@ }, "yaxes": [ { + "$$hashKey": "object:327", "decimals": null, "format": "percent", "label": null, "logBase": 1, "max": null, "min": 0, - "show": true, - "$$hashKey": "object:327" + "show": true }, { + "$$hashKey": "object:328", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, - "show": false, - "$$hashKey": "object:328" + "show": false } ], "yaxis": { @@ -200,6 +235,7 @@ "bars": false, "cacheTimeout": null, "dashes": false, + "fill": 0, "fillGradient": 0, "hiddenSeries": false, "percentage": false, From 613979ea3f743b476da1fa98abcc547135e03cd4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Jul 2021 15:03:58 -0400 Subject: [PATCH 187/266] remove extra comma --- salt/grafana/panels/stenographer_packet_loss_graph.json.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index 5b540262d..351b2505f 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -144,7 +144,7 @@ "type": "fill" } ], - "hide": {{ PANELS.stenographer_packet_loss_graph.get('hideTrend', false)|json }},, + "hide": {{ PANELS.stenographer_packet_loss_graph.get('hideTrend', false)|json }}, "measurement": "stenodrop", "orderByTime": "ASC", "policy": "so_long_term", From 3b6befdb975ac56bca0ea61573e8ed49498266ef Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 22 Jul 2021 15:05:37 -0400 Subject: [PATCH 188/266] adjust gridpos --- salt/grafana/defaults.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index c89559bc7..3eb8452dc 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -146,14 +146,14 @@ grafana: x: 0 y: 113 h: 8 - w: 12 + w: 24 hideTrend: true stenographer_packet_loss_graph: gridPos: - x: 12 + x: 0 y: 121 h: 8 - w: 1 + w: 24 hideTrend: true row_cpu: From 8ea4682aab252011578b1af18356f0881d4807d7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 07:34:01 -0400 Subject: [PATCH 189/266] add docker container uptime to overview dash --- salt/grafana/defaults.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 3eb8452dc..45afb85e3 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -47,7 +47,13 @@ grafana: x: 0 y: 1 h: 8 - w: 24 + w: 12 + uptime_docker_combined_current_graph: + gridPos: + x: 12 + y: 1 + h: 8 + w: 12 cpu_usage_current_graph: gridPos: x: 0 From 61312397e1bfad34455e54bf42b8f31858a9bc51 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 08:25:43 -0400 Subject: [PATCH 190/266] update container uptime panel --- ...e_docker_combined_current_graph.json.jinja | 229 +++++++++--------- 1 file changed, 120 insertions(+), 109 deletions(-) diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja index 15a10fae6..2422cbbcc 100644 --- a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja 
@@ -1,6 +1,12 @@ { - "type": "graph", - "title": "Container Uptime Current", + "aliasColors": {}, + "dashLength": 10, + "datasource": "InfluxDB", + "decimals": 1, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, "gridPos": { "x": {{ PANELS.uptime_docker_combined_current_graph.gridPos.x }}, "y": {{ PANELS.uptime_docker_combined_current_graph.gridPos.y }}, 
@@ -8,46 +14,73 @@ "h": {{ PANELS.uptime_docker_combined_current_graph.gridPos.h }} }, "id": 68896, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": false, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "pluginVersion": "7.5.4", + "pointradius": 2, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, "targets": [ { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ], + "alias": "$tag_host $tag_role $tag_container_name", "groupBy": [ { - "type": "time", "params": [ "$__interval" + ], + "type": "time" + }, + { + "params": [ + "container_name" + ], + "type": "tag" + }, + { + "type": "tag", + "params": [ + "host" ] }, { "type": "tag", "params": [ - "container_name" + "role" ] }, { - "type": "fill", "params": [ "null" - ] + ], + "type": "fill" } ], + "measurement": "docker_container_status", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT last(\"uptime_ns\") FROM \"docker_container_status\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/ AND \"role\" =~ /^$role$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\", \"role\" fill(null)", + "queryType": "randomWalk", + "rawQuery": false, + "refId": "A", + "resultFormat": "time_series", "select": [ [ { 
@@ -62,102 +95,80 @@ } ] ], - "measurement": "docker_container_status", - "alias": "$tag_container_name", - "query": "SELECT last(\"health_status\") FROM \"docker_container_health\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\" fill(null)", - "rawQuery": false + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$servername$/" + }, + { + "condition": "AND", + "key": "container_name", + "operator": "=~", + "value": "/^$containers$/" + }, + { + "condition": "AND", + "key": "role", + "operator": "=~", + "value": "/^$role$/" + } + ], + "slimit": "", + "limit": "" } ], - "options": { - "alertThreshold": true + "thresholds": [], + "timeRegions": [], + "title": "Container Uptime Current", + "tooltip": { + "shared": true, + "sort": 1, + "value_type": "individual" }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "ns", - "$$hashKey": "object:192" - }, - { - "label": "", - "show": true, - "logBase": 1, - "min": "0", - "max": null, - "format": "short", - "$$hashKey": "object:193", - "decimals": 2 - } - ], + "type": "graph", "xaxis": { - "show": true, + "buckets": null, "mode": "time", "name": null, - "values": [], - "buckets": null + "show": true, + "values": [] }, + "yaxes": [ + { + "$$hashKey": "object:192", + "format": "ns", + "label": null, + "logBase": 1, + "max": "604800000000000", + "min": "0", + "show": true, + "decimals": 1 + }, + { + "$$hashKey": "object:193", + "decimals": 2, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": false + } + ], "yaxis": { "align": false, "alignLevel": null }, - "lines": true, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": 
true, - "min": false, - "max": false, - "current": true, - "sort": "current", - "sortDesc": false, - "total": false, - "avg": false, - "alignAsTable": true, - "rightSide": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 1 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [ - { - "value": 4500000000000, - "colorMode": "critical", - "op": "lt", - "fill": false, - "line": true, - "yaxis": "left", - "$$hashKey": "object:1299" - } - ], - "timeRegions": [], - "decimals": 2, - "fill": 0, - "timeFrom": null, - "timeShift": null, - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, "bars": false, - "stack": false, + "dashes": false, + "fill": 0, + "fillGradient": 0, + "hiddenSeries": false, "percentage": false, - "steppedLine": false + "points": false, + "stack": false, + "steppedLine": false, + "timeFrom": null, + "timeShift": null } From b8e3a45a7efcb727676bb2706fa64cc52fc6901a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 23 Jul 2021 08:53:45 -0400 Subject: [PATCH 191/266] [wip] Add logscan state Do not add state to top file or setup yet, script will be written to enable the feature shortly --- salt/allowed_states.map.jinja | 20 ++++++++---- salt/logscan/files/logscan.conf | 6 ++++ salt/logscan/init.sls | 57 +++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 7 deletions(-) create mode 100644 salt/logscan/files/logscan.conf create mode 100644 salt/logscan/init.sls diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 665fdbe3d..12d8f99ec 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -45,7 +45,8 @@ 'schedule', 'soctopus', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-heavynode': [ 'ca', @@ -75,7 +76,8 @@ 'logstash', 'schedule', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-fleet': [ 'ca', 
@@ -108,7 +110,8 @@ 'zeek', 'schedule', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-manager': [ 'salt.master', @@ -127,7 +130,8 @@ 'utility', 'schedule', 'soctopus', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-managersearch': [ 'salt.master', @@ -146,7 +150,8 @@ 'utility', 'schedule', 'soctopus', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-node': [ 'ca', @@ -178,7 +183,8 @@ 'schedule', 'soctopus', 'tcpreplay', - 'docker_clean' + 'docker_clean', + 'logscsan' ], 'so-sensor': [ 'ca', @@ -296,4 +302,4 @@ {% endif %} {# all nodes can always run salt.minion state #} -{% do allowed_states.append('salt.minion') %} \ No newline at end of file +{% do allowed_states.append('salt.minion') %} diff --git a/salt/logscan/files/logscan.conf b/salt/logscan/files/logscan.conf new file mode 100644 index 000000000..9b3df8027 --- /dev/null +++ b/salt/logscan/files/logscan.conf @@ -0,0 +1,6 @@ +[global] +ts_format = iso8601 +scan_interval = 30s + +[kratos] +log_path = kratos/kratos.log diff --git a/salt/logscan/init.sls b/salt/logscan/init.sls new file mode 100644 index 000000000..51badbcdd --- /dev/null +++ b/salt/logscan/init.sls 
@@ -0,0 +1,57 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + +{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{% set MANAGER = salt['grains.get']('master') %} +{% set logscan_cpu_period = salt['pillar.get']('logscan:cpu_period', 10000) %} + +logscan_data_dir: + file.directory: + - name: /nsm/logscan/data + - user: 939 + - group: 939 + - makedirs: True + +logscan_conf_dir: + file.directory: + - name: /opt/so/conf/logscan + - user: 939 + - group: 939 + - makedirs: True + +logscan_conf: + file.managed: + - name: /opt/so/conf/logscan/logscan.conf + - source: salt://logscan/files/logscan.conf + - user: 939 + - group: 939 + - mode: 600 + - template: jinja + +logscan_log_dir: + file.directory: + - name: /opt/so/log/logscan + - user: 939 + - group: 939 + +so-logscan: + docker_container.running: + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logscan:{{ VERSION }} + - hostname: logscan + - name: so-logscan + - binds: + - /nsm/logscan/data:/logscan/data:rw + - /opt/so/conf/logscan.conf:/logscan/logscan.conf:ro + - /opt/so/log/logscan:/logscan/output:rw + - /opt/so/log:/logscan/logs:ro + - cpu_period: {{ logscan_cpu_period }} + + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} From fceb2851efa978f58590698ec394a041c9716b87 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 09:02:40 -0400 Subject: [PATCH 192/266] add eval dashboard --- salt/grafana/defaults.yaml | 415 ++++++++++++++++++++++++++++++++++++- salt/grafana/init.sls | 2 +- 2 files changed, 415 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 45afb85e3..db470db0a 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
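Review bot: The config bind in `so-logscan` points at `/opt/so/conf/logscan.conf`, but `logscan_conf` writes the file to `/opt/so/conf/logscan/logscan.conf`, so the container will not see the managed file (Docker normally creates an empty directory for a missing bind source); the bind should be `- /opt/so/conf/logscan/logscan.conf:/logscan/logscan.conf:ro`. Separately, `- /opt/so/log:/logscan/logs:ro` hands the container every log under `/opt/so/log`, while `logscan.conf` only names `kratos/kratos.log`; a narrower bind such as `- /opt/so/log/kratos:/logscan/logs/kratos:ro` keeps the container to what it needs. The container state also has no `require`/`watch` on `logscan_conf`, so a config change would not restart it; adding `- watch:` with `- file: logscan_conf` covers that.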
@@ -2336,4 +2336,417 @@ grafana: w: 8 - \ No newline at end of file + eval: + templating: + list: + - servername_standalone + - role + - containers + - manint + - monint + - cpucount + - disk + panels: + row_overview: + gridPos: + x: 0 + y: 0 + h: 1 + w: 24 + system_uptime: + gridPos: + x: 0 + y: 1 + h: 4 + w: 4 + load_average_5_minute_stat: + gridPos: + x: 4 + y: 1 + h: 4 + w: 4 + cpu_usage_guage: + gridPos: + x: 8 + y: 1 + h: 4 + w: 2 + ram_usage_guage: + gridPos: + x: 10 + y: 1 + h: 4 + w: 2 + swap_usage_guage: + gridPos: + x: 12 + y: 1 + h: 4 + w: 2 + rootfs_used_guage: + gridPos: + x: 14 + y: 1 + h: 4 + w: 2 + nsm_used_guage: + gridPos: + x: 16 + y: 1 + h: 4 + w: 2 + pcap_retention_stat: + gridPos: + x: 18 + y: 1 + h: 4 + w: 2 + io_wait_stat: + gridPos: + x: 20 + y: 1 + h: 4 + w: 4 + redis_queue_stat: + gridPos: + x: 4 + y: 5 + h: 4 + w: 4 + monitor_interface_traffic_stat: + gridPos: + x: 8 + y: 5 + h: 4 + w: 4 + zeek_packet_loss_stat: + gridPos: + x: 12 + y: 5 + h: 4 + w: 4 + suricata_packet_loss_stat: + gridPos: + x: 16 + y: 5 + h: 4 + w: 4 + stenographer_packet_loss_stat: + gridPos: + x: 20 + y: 5 + h: 4 + w: 4 + + row_cpu: + gridPos: + x: 0 + y: 9 + h: 1 + w: 24 + cpu_usage_tasks_all_graph: + gridPos: + x: 0 + y: 10 + h: 8 + w: 24 + load_averages_graph: + gridPos: + x: 0 + y: 18 + h: 8 + w: 12 + process_status_graph: + gridPos: + x: 12 + y: 18 + h: 8 + w: 12 + + row_memory: + gridPos: + x: 0 + y: 26 + h: 1 + w: 24 + memory_usage_graph: + gridPos: + x: 0 + y: 27 + h: 8 + w: 24 + + row_swap: + gridPos: + x: 0 + y: 35 + h: 1 + w: 24 + swap_io_bytes_graph: + gridPos: + x: 0 + y: 36 + h: 8 + w: 12 + swap_usage_bytes_graph: + gridPos: + x: 12 + y: 36 + h: 8 + w: 12 + + row_network: + gridPos: + x: 0 + y: 44 + h: 1 + w: 24 + management_interface_traffic_both_graph: + gridPos: + x: 0 + y: 45 + h: 8 + w: 24 + management_interface_packets_graph: + gridPos: + x: 0 + y: 53 + h: 8 + w: 12 + management_interface_drops_graph: + gridPos: + x: 12 + y: 53 + h: 8 + w: 12 + 
monitor_interface_traffic_both_graph: + gridPos: + x: 0 + y: 61 + h: 8 + w: 24 + monitor_interface_packets_graph: + gridPos: + x: 0 + y: 69 + h: 8 + w: 12 + monitor_interface_drops_graph: + gridPos: + x: 12 + y: 69 + h: 8 + w: 12 + + row_disk_usage: + gridPos: + x: 0 + y: 77 + h: 1 + w: 24 + disk_usage_root_graph: + gridPos: + x: 0 + y: 78 + h: 8 + w: 12 + disk_usage_nsm_graph: + gridPos: + x: 12 + y: 78 + h: 8 + w: 12 + + row_disk_iops: + gridPos: + x: 0 + y: 86 + h: 1 + w: 24 + disk_io_requests_graph: + gridPos: + x: 0 + y: 87 + h: 8 + w: 8 + disk_io_bytes_graph: + gridPos: + x: 8 + y: 87 + h: 8 + w: 8 + disk_io_time_graph: + gridPos: + x: 16 + y: 87 + h: 8 + w: 8 + + row_docker_details: + gridPos: + x: 0 + y: 95 + h: 1 + w: 24 + cpu_docker_combined_current_graph: + gridPos: + x: 0 + y: 96 + h: 8 + w: 24 + cpu_docker_combined_trend_graph: + gridPos: + x: 0 + y: 104 + h: 8 + w: 24 + memory_used_docker_combined_current_graph: + gridPos: + x: 0 + y: 112 + h: 8 + w: 24 + memory_used_docker_combined_trend_graph: + gridPos: + x: 0 + y: 120 + h: 8 + w: 24 + network_usage_docker_combined_current_graph: + gridPos: + x: 0 + y: 128 + h: 8 + w: 24 + network_usage_docker_combined_trend_graph: + gridPos: + x: 0 + y: 136 + h: 8 + w: 24 + uptime_docker_combined_current_graph: + gridPos: + x: 0 + y: 144 + h: 8 + w: 12 + uptime_docker_combined_trend_graph: + gridPos: + x: 12 + y: 144 + h: 8 + w: 12 + + row_elasticsearch: + gridPos: + x: 0 + y: 161 + h: 1 + w: 24 + elasticsearch_document_count_graph: + gridPos: + x: 0 + y: 162 + h: 8 + w: 12 + elasticsearch_thread_count_graph: + gridPos: + x: 12 + y: 162 + h: 8 + w: 12 + elasticsearch_store_size_graph: + gridPos: + x: 0 + y: 170 + h: 8 + w: 12 + elasticsearch_field_data_cache_size_graph: + gridPos: + x: 12 + y: 170 + h: 8 + w: 12 + + row_redis: + gridPos: + x: 0 + y: 178 + h: 1 + w: 24 + redis_queue_graph: + gridPos: + x: 0 + y: 179 + h: 8 + w: 24 + + row_zeek: + gridPos: + x: 0 + y: 187 + h: 1 + w: 24 + zeek_packet_loss_graph: + 
gridPos: + x: 0 + y: 188 + h: 8 + w: 10 + zeek_capture_loss_graph: + gridPos: + x: 10 + y: 188 + h: 8 + w: 10 + zeek_restarts_healthcheck_stat: + gridPos: + x: 20 + y: 188 + h: 8 + w: 4 + + row_suricata: + gridPos: + x: 0 + y: 196 + h: 1 + w: 24 + suricata_packet_loss_graph: + gridPos: + x: 0 + y: 197 + h: 8 + w: 24 + + row_stenographer: + gridPos: + x: 0 + y: 205 + h: 1 + w: 24 + stenographer_packet_loss_graph: + gridPos: + x: 0 + y: 206 + h: 8 + w: 16 + stenographer_pcap_retention_graph: + gridPos: + x: 16 + y: 206 + h: 8 + w: 8 + + row_influxdb: + gridPos: + x: 0 + y: 214 + h: 1 + w: 24 + influxdb_db_size_graph: + gridPos: + x: 0 + y: 214 + h: 8 + w: 24 diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index f43c63e13..c61e46512 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -14,7 +14,7 @@ {% set nodeTypes = ['eval'] %} {% else %} {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['overview', 'standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode'] %} + {% set nodeTypes = ['overview', 'standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode', 'eval' ] %} {% endif %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} From 7a85a3c7f719740c4442cc9dfc9e3f492cabee41 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 10:20:57 -0400 Subject: [PATCH 193/266] move dashboard location --- .../grafana/dashboards/common_template.json.jinja | 4 ++-- salt/grafana/etc/dashboards/dashboard.yml | 15 ++++----------- salt/grafana/init.sls | 2 +- 3 files changed, 7 insertions(+), 14 deletions(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index c03707ad5..b86394b48 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja 
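Review bot: At the end of the new `eval` block, `row_influxdb` and `influxdb_db_size_graph` are both given `y: 214`, whereas every other row in this block places its first panel at the row's `y` plus one. The panel presumably should be `y: 215`. There is also a jump from the docker uptime panels (`y: 144`, `h: 8`) to `row_elasticsearch` at `y: 161`, which looks like a copy from a dashboard with extra panels; if that is intentional, a short comment above `row_elasticsearch` would say so.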
@@ -12,7 +12,7 @@ } ] }, - "description": "Detailed {{NODETYPE}}", + "description": "{{NODETYPE}}", "editable": true, "gnetId": null, "graphTooltip": 0, @@ -53,7 +53,7 @@ ] }, "timezone": "browser", - "title": "Detailed {{ NODETYPE }}", + "title": "{{ NODETYPE }}", {% if NODETYPE | lower in 'overview' %} "uid": "so_overview", {% endif %} diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml index 3820527e8..2c422069c 100644 --- a/salt/grafana/etc/dashboards/dashboard.yml +++ b/salt/grafana/etc/dashboards/dashboard.yml @@ -1,19 +1,12 @@ apiVersion: 1 providers: -- name: 'Detailed Dashboards' - folder: 'Detailed Dashboards' +- name: 'Dashboards' + folder: 'Dashboards' type: file disableDeletion: false editable: true allowUiUpdates: true options: - path: /etc/grafana/grafana_dashboards/detailed -- name: 'Overview Dashboards' - folder: 'Overview Dashboards' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/overview + path: /etc/grafana/grafana_dashboards/ + diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index c61e46512..565823644 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -89,7 +89,7 @@ grafana-config-files: {% for nodeType in nodeTypes %} detailed-{{nodeType}}-dashboard: file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/detailed/{{nodeType}}.json + - name: /opt/so/conf/grafana/grafana_dashboards/{{nodeType}}.json - user: 939 - group: 939 - template: jinja From d3d02faa1ca9180337298d38cf97c8357791498e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 10:52:30 -0400 Subject: [PATCH 194/266] remove detailed --- salt/grafana/init.sls | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 565823644..e01f5ec31 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
@@ -41,13 +41,6 @@ grafanadashdir: - group: 939 - makedirs: True -detailed-dash-dir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/detailed - - user: 939 - - group: 939 - - makedirs: True - grafana-dashboard-config: file.managed: - name: /opt/so/conf/grafana/etc/dashboards/dashboard.yml @@ -87,7 +80,7 @@ grafana-config-files: - makedirs: True {% for nodeType in nodeTypes %} -detailed-{{nodeType}}-dashboard: +{{nodeType}}-dashboard: file.managed: - name: /opt/so/conf/grafana/grafana_dashboards/{{nodeType}}.json - user: 939 From 41e747dcc12ac104dc6f6d56d9d6892dda6197ae Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 10:55:15 -0400 Subject: [PATCH 195/266] add servername_all template var --- salt/grafana/defaults.yaml | 2 +- salt/grafana/templates/servername_eval.json | 29 +++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 salt/grafana/templates/servername_eval.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index db470db0a..46cf0985c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -2339,7 +2339,7 @@ grafana: eval: templating: list: - - servername_standalone + - servername_eval - role - containers - manint diff --git a/salt/grafana/templates/servername_eval.json b/salt/grafana/templates/servername_eval.json new file mode 100644 index 000000000..70c8c6210 --- /dev/null +++ b/salt/grafana/templates/servername_eval.json 
@@ -0,0 +1,29 @@ +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", + "description": "", + "error": null, + "hide": 0, + "includeAll": true, + "label": "Node", + "multi": true, + "name": "servername", + "options": [], + "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } From eb661b7a24dd96fcaa88097c083f6e3941188f53 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 13:31:44 -0400 Subject: [PATCH 196/266] add ability to set title for dashboards, only create dashboards/dirs if that node type exists --- .../dashboards/common_template.json.jinja | 6 ++-- salt/grafana/defaults.yaml | 1 + salt/grafana/init.sls | 28 ++++++++++--------- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index b86394b48..0c1c29421 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -12,7 +12,7 @@ } ] }, - "description": "{{NODETYPE}}", + "description": "{{TITLE}}", "editable": true, "gnetId": null, "graphTooltip": 0, @@ -53,8 +53,8 @@ ] }, "timezone": "browser", - "title": "{{ NODETYPE }}", - {% if NODETYPE | lower in 'overview' %} + "title": "{{ TITLE }}", + {% if TITLE | lower == 'security onion grid overview' %} "uid": "so_overview", {% endif %} "version": 1 diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 46cf0985c..dd6480402 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
@@ -26,6 +26,7 @@ grafana: # license_path: /opt/so/conf/grafana/etc/files/license.jwt dashboards: overview: + title: 'Security Onion Grid Overview' templating: list: - role diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index e01f5ec31..1b9c67046 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -10,15 +10,17 @@ {% import_yaml 'grafana/defaults.yaml' as default_settings %} {% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} -{% if grains.role == 'so-eval' %} - {% set nodeTypes = ['eval'] %} -{% else %} - {#% set nodeTypes = ['standalone', 'manager', 'managersearch', 'sensortab', 'searchnode'] %#} - {% set nodeTypes = ['overview', 'standalone', 'sensor', 'searchnode', 'manager', 'managersearch', 'heavynode', 'eval' ] %} -{% endif %} - {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} +{% set DASHBOARDS = ['overview' %} +{% if grains.role == 'so-eval' %} + {% do DASHBOARDS.append('eval') %} +{% else %} + {% for dashboard in salt['cmd.run']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}|uniq") %} + {% do DASHBOARDS.append(dashboard) %} + {% endfor %} +{% endif %} + # Grafana all the things grafanadir: file.directory: 
@@ -79,18 +81,18 @@ grafana-config-files: - source: salt://grafana/etc/files - makedirs: True -{% for nodeType in nodeTypes %} -{{nodeType}}-dashboard: +{% for dashboard in DASHBOARDS %} +{{dashboard}}-dashboard: file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/{{nodeType}}.json + - name: /opt/so/conf/grafana/grafana_dashboards/{{dashboard}}.json - user: 939 - group: 939 - template: jinja - source: salt://grafana/dashboards/common_template.json.jinja - defaults: - PANELS: {{GRAFANA_SETTINGS.dashboards[nodeType].panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards[nodeType].templating.list}} - NODETYPE: {{ nodeType | capitalize }} + PANELS: {{GRAFANA_SETTINGS.dashboards[dashboard].panels}} + TEMPLATES: {{GRAFANA_SETTINGS.dashboards[dashboard].templating.list}} + TITLE: {{ GRAFANA_SETTINGS.dashboards[dashboard].get('title', dashboard| capitalize) }} ID: {{ loop.index }} {% endfor %} From a02a9289966dd1419e4f362e9751603f7f1fc225 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 13:33:25 -0400 Subject: [PATCH 197/266] add missing ] --- salt/grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 1b9c67046..678e498d8 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -12,7 +12,7 @@ {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} -{% set DASHBOARDS = ['overview' %} +{% set DASHBOARDS = ['overview'] %} {% if grains.role == 'so-eval' %} {% do DASHBOARDS.append('eval') %} {% else %} From f8d2a7f449276190b1d7dc53a26e69a399bafb07 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 13:43:35 -0400 Subject: [PATCH 198/266] fix nodetype listing --- salt/grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 678e498d8..ee2086b5f 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
@@ -16,7 +16,7 @@ {% if grains.role == 'so-eval' %} {% do DASHBOARDS.append('eval') %} {% else %} - {% for dashboard in salt['cmd.run']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}|uniq") %} + {% for dashboard in salt['cmd.run']("ls /opt/so/saltstack/local/pillar/minions/").split('_').last().split('.')[0]| unique %} {% do DASHBOARDS.append(dashboard) %} {% endfor %} {% endif %} From 00d311cd6ca9b34f8354f427dcbc9f4c93b4a84b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 14:40:44 -0400 Subject: [PATCH 199/266] fix nodetype listing --- salt/grafana/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index ee2086b5f..00c32fb90 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -16,7 +16,8 @@ {% if grains.role == 'so-eval' %} {% do DASHBOARDS.append('eval') %} {% else %} - {% for dashboard in salt['cmd.run']("ls /opt/so/saltstack/local/pillar/minions/").split('_').last().split('.')[0]| unique %} + {# Grab a unique listing of nodetypes that exists so that we create only the needed dashboards #} + {% for dashboard in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}|uniq").split() %} {% do DASHBOARDS.append(dashboard) %} {% endfor %} {% endif %} From c7306dda12ef4f2fdb25ed066334092ba5b693a8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 15:38:45 -0400 Subject: [PATCH 200/266] fix servername_eval template var, test using 1 servername template var --- .../dashboards/common_template.json.jinja | 2 +- salt/grafana/defaults.yaml | 17 ++++++---- salt/grafana/init.sls | 1 + salt/grafana/templates/servername.json | 34 +++++++++++++++++++ salt/grafana/templates/servername_eval.json | 4 +-- 5 files changed, 48 insertions(+), 10 deletions(-) create mode 100644 salt/grafana/templates/servername.json 
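Review bot: The names appended to `DASHBOARDS` in the `cmd.shell` loop come straight from filenames under `/opt/so/saltstack/local/pillar/minions/` and are never checked against the dashboards that exist in `GRAFANA_SETTINGS.dashboards`. `uniq` only collapses adjacent lines, and `ls` sorts by the hostname part of the filename, so the same node type can appear twice and yield two `{{dashboard}}-dashboard` state IDs. A node type with no entry in `defaults.yaml` would likewise break the `GRAFANA_SETTINGS.dashboards[dashboard].panels` lookup in the later loop. Using `sort -u` in place of `uniq`, and wrapping the append in `{% if dashboard in GRAFANA_SETTINGS.dashboards and dashboard not in DASHBOARDS %}`, fixes both and keeps an unexpected filename from flowing into the managed file path. A hostname that contains `_` would also shift the `awk -F'_'` field, which the same guard would catch.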
diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index 0c1c29421..d8a7ff422 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -30,7 +30,7 @@ "tags": [], "templating": { "list": [ -{% for template in TEMPLATES -%} +{% for template in TEMPLATES.keys() -%} {%- import_json "grafana/templates/" ~ template ~ ".json" as template %} {{ template | json }} {% if not loop.last %},{% endif %} {% endfor -%} diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index dd6480402..0caaf6908 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -216,13 +216,16 @@ grafana: standalone: templating: list: - - servername_standalone - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 00c32fb90..dbb659217 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -91,6 +91,7 @@ grafana-config-files: - template: jinja - source: salt://grafana/dashboards/common_template.json.jinja - defaults: + DASHBOARD: {{ dashboard }} PANELS: {{GRAFANA_SETTINGS.dashboards[dashboard].panels}} TEMPLATES: {{GRAFANA_SETTINGS.dashboards[dashboard].templating.list}} TITLE: {{ GRAFANA_SETTINGS.dashboards[dashboard].get('title', dashboard| capitalize) }} diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json new file mode 100644 index 000000000..a3cd08cb9 --- /dev/null +++ b/salt/grafana/templates/servername.json 
@@ -0,0 +1,34 @@ +{% if DASHBOARD == 'overview' %} + {% set query = "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)" %} +{% else %} + {% set query = "show tag values with key=\"host\" WHERE (\"role\" = '\' ~ DASHBOARD ~ \'')" %} +{% endif %} +{ + "allValue": null, + "current": { + "selected": true, + "tags": [], + "text": [], + "value": [] + }, + "datasource": "InfluxDB", + "definition": "{{ query }}", + "description": "", + "error": null, + "hide": 0, + "includeAll": true, + "label": "Node", + "multi": true, + "name": "servername", + "options": [], + "query": "{{ query }}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } diff --git a/salt/grafana/templates/servername_eval.json b/salt/grafana/templates/servername_eval.json index 70c8c6210..cca6fef48 100644 --- a/salt/grafana/templates/servername_eval.json +++ b/salt/grafana/templates/servername_eval.json @@ -7,7 +7,7 @@ "value": [] }, "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", + "definition": "show tag values with key=\"host\" WHERE (\"role\" = 'eval')", "description": "", "error": null, "hide": 0, @@ -16,7 +16,7 @@ "multi": true, "name": "servername", "options": [], - "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", + "query": "show tag values with key=\"host\" WHERE (\"role\" = 'eval')", "refresh": 1, "regex": "", "skipUrlSync": false, From 17a532f7b56255c698e45102d09865ff1400ebfb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 15:41:03 -0400 Subject: [PATCH 201/266] add new templating defs to overview --- salt/grafana/defaults.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 0caaf6908..b574c155c 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml 
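Review bot: The non-overview branch of `query` in `servername.json` never interpolates `DASHBOARD`: the `'\' ~ DASHBOARD ~ \''` text sits inside the double-quoted Jinja string, so the rendered InfluxQL carries those literal characters instead of the role name. The later rewrite of this line in patch 203 (`... = DASHBOARD ')`) still leaves the name literal and adds an unbalanced quote. Closing the string around the variable fixes it, e.g. `{% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = '" ~ DASHBOARD ~ "')" %}`, assuming `DASHBOARD` is visible to the template loaded by `import_json`. Because the value originates from pillar filenames, it should be limited to known dashboard keys before it is placed in the query text.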
@@ -28,14 +28,16 @@ grafana: overview: title: 'Security Onion Grid Overview' templating: - list: - - role - - servername_all - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: From e1f0c8e87cc32ee1410c2420b7a19c59349471ff Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 15:43:31 -0400 Subject: [PATCH 202/266] add "list" bast to tempating defs for overview --- salt/grafana/defaults.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index b574c155c..0902a1542 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -28,6 +28,7 @@ grafana: overview: title: 'Security Onion Grid Overview' templating: + list: servername: {} role: allValue: false From 08e9a58f2e5a9be5fdd185d3e1093916fcc127bf Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Fri, 23 Jul 2021 16:09:25 -0400 Subject: [PATCH 203/266] simply to one servername.json --- salt/grafana/defaults.yaml | 108 ++++++++++-------- salt/grafana/templates/servername.json | 6 +- salt/grafana/templates/servername_all.json | 29 ----- salt/grafana/templates/servername_eval.json | 29 ----- .../templates/servername_heavynode.json | 24 ---- .../grafana/templates/servername_manager.json | 24 ---- .../templates/servername_managersearch.json | 24 ---- .../templates/servername_searchnode.json | 24 ---- salt/grafana/templates/servername_sensor.json | 24 ---- .../templates/servername_standalone.json | 24 ---- 10 files changed, 66 insertions(+), 250 deletions(-) delete mode 100644 salt/grafana/templates/servername_all.json delete mode 100644 salt/grafana/templates/servername_eval.json delete mode 100644 salt/grafana/templates/servername_heavynode.json delete mode 100644 salt/grafana/templates/servername_manager.json delete mode 100644 salt/grafana/templates/servername_managersearch.json delete mode 100644 salt/grafana/templates/servername_searchnode.json delete mode 100644 salt/grafana/templates/servername_sensor.json delete mode 100644 salt/grafana/templates/servername_standalone.json diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 0902a1542..68dd78f10 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -31,9 +31,9 @@ grafana: list: servername: {} role: - allValue: false - multi: false - hide: 2 + allValue: true + multi: true + hide: 0 containers: {} manint: {} monint: {} @@ -657,13 +657,16 @@ grafana: manager: templating: list: - - servername_manager - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: 
@@ -987,13 +990,16 @@ grafana: managersearch: templating: list: - - servername_managersearch - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: @@ -1317,13 +1323,16 @@ grafana: sensor: templating: list: - - servername_sensor - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: true + multi: true + hide: 0 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: @@ -1669,13 +1678,16 @@ grafana: searchnode: templating: list: - - servername_searchnode - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: true + multi: true + hide: 0 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: @@ -1955,13 +1967,16 @@ grafana: heavynode: templating: list: - - servername_heavynode - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: true + multi: true + hide: 0 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: @@ -2346,13 +2361,16 @@ grafana: eval: templating: list: - - servername_eval - - role - - containers - - manint - - monint - - cpucount - - disk + servername: {} + role: + allValue: false + multi: false + hide: 2 + containers: {} + manint: {} + monint: {} + cpucount: {} + disk: {} panels: row_overview: gridPos: diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json index a3cd08cb9..267884edf 100644 --- a/salt/grafana/templates/servername.json +++ b/salt/grafana/templates/servername.json 
@@ -1,7 +1,7 @@ {% if DASHBOARD == 'overview' %} - {% set query = "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)" %} + {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" =~ /^$role$/)" %} {% else %} - {% set query = "show tag values with key=\"host\" WHERE (\"role\" = '\' ~ DASHBOARD ~ \'')" %} + {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = DASHBOARD ')" %} {% endif %} { "allValue": null, @@ -12,7 +12,7 @@ "value": [] }, "datasource": "InfluxDB", - "definition": "{{ query }}", + "definition": "{{ query }}", "description": "", "error": null, "hide": 0, diff --git a/salt/grafana/templates/servername_all.json b/salt/grafana/templates/servername_all.json deleted file mode 100644 index 70c8c6210..000000000 --- a/salt/grafana/templates/servername_all.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [], - "value": [] - }, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", - "description": "", - "error": null, - "hide": 0, - "includeAll": true, - "label": "Node", - "multi": true, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /^$role$/)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_eval.json b/salt/grafana/templates/servername_eval.json deleted file mode 100644 index cca6fef48..000000000 --- a/salt/grafana/templates/servername_eval.json +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [], - "value": [] - }, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" WHERE (\"role\" = 'eval')", - "description": "", - "error": null, - "hide": 0, - "includeAll": true, - "label": "Node", - "multi": true, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" WHERE (\"role\" = 'eval')", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_heavynode.json b/salt/grafana/templates/servername_heavynode.json deleted file mode 100644 index 2d1486038..000000000 --- a/salt/grafana/templates/servername_heavynode.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'heavynode'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'heavynode'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_manager.json b/salt/grafana/templates/servername_manager.json deleted file mode 100644 index 8f688093d..000000000 --- a/salt/grafana/templates/servername_manager.json +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'manager'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'manager'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_managersearch.json b/salt/grafana/templates/servername_managersearch.json deleted file mode 100644 index 6024c69f5..000000000 --- a/salt/grafana/templates/servername_managersearch.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'managersearch'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'managersearch'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_searchnode.json b/salt/grafana/templates/servername_searchnode.json deleted file mode 100644 index 4660e1b50..000000000 --- a/salt/grafana/templates/servername_searchnode.json +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'searchnode'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'searchnode'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_sensor.json b/salt/grafana/templates/servername_sensor.json deleted file mode 100644 index e740ba96d..000000000 --- a/salt/grafana/templates/servername_sensor.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'sensor'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'sensor'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/servername_standalone.json b/salt/grafana/templates/servername_standalone.json deleted file mode 100644 index 58fc08818..000000000 --- a/salt/grafana/templates/servername_standalone.json +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" where \"role\" = 'standalone'", - "description": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Node", - "multi": false, - "name": "servername", - "options": [], - "query": "show tag values with key=\"host\" where \"role\" = 'standalone'", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } From 5a06f0dce9f70c077fd8dc98e9f77e42880b1ad3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 16:34:58 -0400 Subject: [PATCH 204/266] role template var now selects default role --- salt/grafana/defaults.yaml | 2 ++ salt/grafana/templates/role.json | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 68dd78f10..11c36a2bb 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -34,6 +34,8 @@ grafana: allValue: true multi: true hide: 0 + text: All + value: "$__all" containers: {} manint: {} monint: {} diff --git a/salt/grafana/templates/role.json b/salt/grafana/templates/role.json index f398f679b..de51ff5d2 100644 --- a/salt/grafana/templates/role.json +++ b/salt/grafana/templates/role.json 
@@ -3,17 +3,17 @@ "current": { "selected": true, "tags": [], - "text": [], - "value": [] + "text": [{{ TEMPLATES.role.get('text', DASHBOARD)| json }}], + "value": [{{ TEMPLATES.role.get('value', DASHBOARD)| json }}] }, "datasource": "InfluxDB", "definition": "show tag values with key=\"role\"", "description": null, "error": null, - "hide": 0, - "includeAll": true, + "hide": {{ TEMPLATES.role.get('hide', 0)| json }}, + "includeAll": {{ TEMPLATES.role.get('includeAll', true)| json }}, "label": "Role", - "multi": true, + "multi": {{ TEMPLATES.role.get('multi', true)| json }}, "name": "role", "options": [], "query": "show tag values with key=\"role\"", From e9d90644fd84578da8226b458067e396a764693e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Jul 2021 16:52:07 -0400 Subject: [PATCH 205/266] fix query and allow for setting text and value of servername template var --- salt/grafana/defaults.yaml | 4 +++- salt/grafana/templates/servername.json | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 11c36a2bb..597cead4f 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -29,7 +29,9 @@ grafana: title: 'Security Onion Grid Overview' templating: list: - servername: {} + servername: + text: All + value: "$__all" role: allValue: true multi: true diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json index 267884edf..1235747a3 100644 --- a/salt/grafana/templates/servername.json +++ b/salt/grafana/templates/servername.json 
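Review bot: The new `includeAll` line reads `TEMPLATES.role.get('includeAll', true)`, but the `role` entries in salt/grafana/defaults.yaml shown in this series set `allValue`, `multi` and `hide` and never an `includeAll` key, so the template appears to always fall back to `true`. If `allValue` in defaults.yaml is meant to drive this field, read that key instead, `"includeAll": {{ TEMPLATES.role.get('allValue', true)| json }},`, or rename the key in defaults.yaml. The JSON object starts before and continues past the hunk, so other uses of these keys are not visible here.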
@@ -1,15 +1,15 @@ {% if DASHBOARD == 'overview' %} {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" =~ /^$role$/)" %} {% else %} - {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = DASHBOARD ')" %} +{% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = '" ~ DASHBOARD ~ "' )" %} {% endif %} { "allValue": null, "current": { "selected": true, "tags": [], - "text": [], - "value": [] + "text": [{{ TEMPLATES.servername.get('text', '')| json }}], + "value": [{{ TEMPLATES.servername.get('value', '')| json }}] }, "datasource": "InfluxDB", "definition": "{{ query }}", From e4f46c6e149c73bc3a06bb640959fcdbe2a5707f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 26 Jul 2021 09:36:05 -0400 Subject: [PATCH 206/266] hide role template var from all dash except overview --- salt/grafana/defaults.yaml | 18 +++++++++--------- salt/grafana/templates/servername.json | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 597cead4f..00589a8b2 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -1329,9 +1329,9 @@ grafana: list: servername: {} role: - allValue: true - multi: true - hide: 0 + allValue: false + multi: false + hide: 2 containers: {} manint: {} monint: {} @@ -1684,9 +1684,9 @@ grafana: list: servername: {} role: - allValue: true - multi: true - hide: 0 + allValue: false + multi: false + hide: 2 containers: {} manint: {} monint: {} @@ -1973,9 +1973,9 @@ grafana: list: servername: {} role: - allValue: true - multi: true - hide: 0 + allValue: false + multi: false + hide: 2 containers: {} manint: {} monint: {} diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json index 1235747a3..aaa90acfc 100644 --- a/salt/grafana/templates/servername.json +++ b/salt/grafana/templates/servername.json 
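Review bot: `DASHBOARD` is concatenated into the InfluxQL text on the changed `{% set query %}` line, and the result is emitted as `"definition": "{{ query }}"` without the `| json` filter that the new `text` and `value` lines use. That holds while `DASHBOARD` only ever carries the fixed dashboard names (presumably those defined in grafana/defaults.yaml), but a value containing a quote would alter both the query and the JSON document. A comment on the `{% else %}` branch recording that assumption, e.g. `{# DASHBOARD must be a role name from grafana/defaults.yaml; it is placed in the query unescaped #}`, would keep it visible to the next editor. The rest of the template lies outside the hunk.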
@@ -12,7 +12,7 @@ "value": [{{ TEMPLATES.servername.get('value', '')| json }}] }, "datasource": "InfluxDB", - "definition": "{{ query }}", + "definition": "{{ query }}", "description": "", "error": null, "hide": 0, From 2e277bf4879f1ee384c0d313ba1dba30f7a2dcf9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 26 Jul 2021 10:08:59 -0400 Subject: [PATCH 207/266] change container to abesent of pcap is disabled --- salt/pcap/init.sls | 7 +++++-- salt/pcap/map.jinja | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 6679215e4..a64b9d90a 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -111,6 +111,7 @@ stenolog: so-steno: docker_container.{{ STENOOPTIONS.status }}: + {% if STENOOPTIONS.status == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} - start: {{ STENOOPTIONS.start }} - network_mode: host @@ -126,6 +127,9 @@ so-steno: - /opt/so/log/stenographer:/var/log/stenographer:rw - watch: - file: /opt/so/conf/steno/config + {% else %} {# if stenographer isn't enabled, then stop and remove the container #} + - force: True + {% endif %} append_so-steno_so-status.conf: file.append: @@ -133,7 +137,6 @@ append_so-steno_so-status.conf: - text: so-steno - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf - {% if not STENOOPTIONS.start %} so-steno_so-status.disabled: file.comment: @@ -152,4 +155,4 @@ delete_so-steno_so-status.disabled: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja index b3c746bcc..ad23f763b 100644 --- a/salt/pcap/map.jinja +++ b/salt/pcap/map.jinja 
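Review bot: The new `{% else %}` branch in the `so-steno` state emits `- force: True` for every status other than `running`, while salt/pcap/map.jinja in the same commit only ever sets `running` or `absent`. Making the branch explicit, `{% elif STENOOPTIONS.status == 'absent' %}`, keeps `force` from being handed to a different `docker_container` function if another status value is introduced later. The `so-steno_so-status.disabled` state in the third hunk is still keyed on `STENOOPTIONS.start` rather than on the status, which is worth confirming against the new `absent` value.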
@@ -9,7 +9,7 @@ {% endif %} {% if ENABLED is sameas false %} - {% do STENOOPTIONS.update({'status': 'stopped'}) %} + {% do STENOOPTIONS.update({'status': 'absent'}) %} {% else %} {% do STENOOPTIONS.update({'status': 'running'}) %} -{% endif %} \ No newline at end of file +{% endif %} From 7aa5e857edb896d994df809728382f1841104f77 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 26 Jul 2021 10:46:52 -0400 Subject: [PATCH 208/266] update hotfix file --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index d3f5a12fa..b1fe67394 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ - +STENODOCKER From 26741bdb53da194ae9264f889133f1fee4390c4a Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 26 Jul 2021 10:55:30 -0400 Subject: [PATCH 209/266] Add wss: to CSP for browsers that enforce wss distinctly from other protocols --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 4fa5c8435..7ee97b16f 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -149,7 +149,7 @@ http { root /opt/socore/html; index index.html; - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self'"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'"; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; From 64945cec16b6610db863e55c031bf686ef4466d5 Mon Sep 17 00:00:00 2001 
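Review bot: Adding the bare scheme `wss:` to `default-src` allows WebSocket connections to any host, because a scheme-only source matches every origin using that scheme. If the interface only opens sockets back to this server, a narrower source such as `wss://$host` in place of `wss:` would cover the browsers named in the commit message without widening the policy further; this assumes no WebSocket endpoint on another host is needed, which the hunk does not show. The enclosing block starts and ends outside the hunk.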
From: William Wernert Date: Mon, 26 Jul 2021 14:24:10 -0400 Subject: [PATCH 210/266] [wip] Initial work to enable/disable "learn" modules --- salt/common/tools/sbin/so-learn | 229 +++++++++++++++++++ salt/common/tools/sbin/so-rule | 4 +- salt/{logscan => learn}/files/logscan.conf | 0 salt/learn/init.sls | 19 ++ salt/{logscan/init.sls => learn/logscan.sls} | 12 - salt/top.sls | 6 +- setup/so-setup | 6 + 7 files changed, 260 insertions(+), 16 deletions(-) create mode 100644 salt/common/tools/sbin/so-learn rename salt/{logscan => learn}/files/logscan.conf (100%) create mode 100644 salt/learn/init.sls rename salt/{logscan/init.sls => learn/logscan.sls} (84%) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn new file mode 100644 index 000000000..8b5c2473f --- /dev/null +++ b/salt/common/tools/sbin/so-learn 
@@ -0,0 +1,229 @@ +#!/usr/bin/env python3 + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +import signal +import sys +import os +import re +import subprocess +import argparse +import textwrap +from typing import List + +import yaml + +minion_pillar_dir = '/opt/so/saltstack/local/pillar/minions' +salt_proc = subprocess.CompletedProcess = None + +# Temp store of modules, will likely be broken out into salt +learn_modules = [ + { 'name': 'logscan', 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } +] + + +def sigint_handler(*_): + print('Exiting gracefully on Ctrl-C') + if salt_proc is not None: salt_proc.send_signal(signal.SIGINT) + sys.exit(0) + + +def find_minion_pillar() -> str: + regex = '^.*_(manager|managersearch|standalone|import|eval)\.sls$' + + result = [] + for root, _, files in os.walk(minion_pillar_dir): + for f_minion_id in files: + if re.search(regex, f_minion_id): + result.append(os.path.join(root, f_minion_id)) + + if len(result) == 0: + print('Could not find manager-type pillar (eval, standalone, manager, managersearch, import). 
Are you running this script on the manager?', file=sys.stderr) + sys.exit(3) + elif len(result) > 1: + res_str = ', '.join(f'\"{result}\"') + print('(This should not happen, the system is in an error state if you see this message.)\n', file=sys.stderr) + print('More than one manager-type pillar exists, minion id\'s listed below:', file=sys.stderr) + print(f' {res_str}', file=sys.stderr) + sys.exit(3) + else: + return result[0] + + +def read_pillar(pillar: str): + try: + with open(pillar, 'r') as f: + loaded_yaml = yaml.safe_load(f.read()) + if loaded_yaml is None: + print(f'Could not parse {pillar}', file=sys.stderr) + sys.exit(3) + return loaded_yaml + except: + print(f'Could not open {pillar}', file=sys.stderr) + sys.exit(3) + + +def write_pillar(pillar: str, content: dict): + try: + with open(pillar, 'w') as f: + return yaml.dump(content, f, default_flow_style=False) + except: + print(f'Could not open {pillar}', file=sys.stderr) + sys.exit(3) + + +def create_pillar_if_not_exist(pillar:str, content: dict): + if content.get('learn', {}).get('modules') is None: + content['learn']['modules'] = learn_modules + write_pillar(pillar, content) + + +def apply(module_list: List): + return_code = 0 + for module in module_list: + salt_cmd = ['salt-call', 'state.apply', '-l', 'quiet', f'learn.{module}', 'queue=True'] + print(f'Applying salt state for {module} module...') + cmd = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) + if cmd.returncode != 0: + print(f'[ERROR] Failed to apply salt state for {module}') + return_code = cmd.returncode + return return_code + + +def check_apply(args: dict): + if args.apply: + print('Configuration updated. Applying changes:') + return apply(args.modules) + else: + if not hasattr(args, 'yes'): + message = 'Configuration updated. Would you like to apply your changes now? 
(y/N) ' + answer = input(message) + while answer.lower() not in [ 'y', 'n', '' ]: + answer = input(message) + if answer.lower() in [ 'n', '' ]: + return 0 + else: + print('Applying changes:') + return apply(args.modules) + else: + return 0 + + +def enable_disable_modules(args, enable: bool): + pillar_modules = args.pillar_dict.get('learn', {}).get('modules') + + if 'all' in args.modules: + for module in pillar_modules: + module['enabled'] = enable + args.pillar_dict.update() + write_pillar(args.pillar, args.pillar_dict) + else: + write_needed = False + for module in args.modules: + if module in pillar_modules: + pillar_modules[module]['enabled'] = enable + write_needed = enable + if write_needed: + args.pillar_dict.update() + write_pillar(args.pillarm, args.pillar_dict) + + check_apply(args) + + +def enable_modules(args): + enable_disable_modules(args, enable=True) + + +def disable_modules(args): + enable_disable_modules(args, enable=False) + + +def list_modules(*_): + print('Available ML modules:') + for module in learn_modules: + + print(f' - { module["name"] } : {module["description"]}') + + +def main(): + beta_str = 'BETA - SUBJECT TO CHANGE\n' + + apply_help='After ACTION the chosen modules, apply any necessary salt states.' + enable_apply_help = apply_help.replace('ACTION', 'enabling') + disable_apply_help = apply_help.replace('ACTION', 'disabling') + + yes_help = 'Accept apply prompt.' + + signal.signal(signal.SIGINT, sigint_handler) + + if os.geteuid() != 0: + print('You must run this script as root', file=sys.stderr) + sys.exit(1) + + main_parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter) + + subcommand_desc = textwrap.dedent( + """\ + enable Enable one or more ML modules. + disable Disable one or more ML modules. + list List all available ML modules. 
+ """ + ) + + subparsers = main_parser.add_subparsers(title='commands', description=subcommand_desc, metavar='', dest='command') + + module_help_str = 'One or more ML modules, which can be listed using \'so-learn list\'. Use the keyword \'all\' to apply the action to all available modules.' + + enable = subparsers.add_parser('enable') + enable.set_defaults(func=enable_modules) + enable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) + enable.add_argument('--apply', action='store_const', const=True, required=False, help=enable_apply_help) + enable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) + + + disable = subparsers.add_parser('disable') + disable.set_defaults(func=disable_modules) + disable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) + disable.add_argument('--apply', action='store_const', const=True, required=False, help=disable_apply_help) + disable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) + + + + list = subparsers.add_parser('list') + list.set_defaults(func=list_modules) + + args = main_parser.parse_args(sys.argv[1:]) + + # args.pillar = find_minion_pillar() + + # args.pillar_dict = read_pillar(args.pillar) + + # create_pillar_if_not_exist(args.pillar, args.pillar_dict) + + if hasattr(args, 'func'): + exit_code = args.func(args) + else: + if args.command is None: + print(beta_str) + main_parser.print_help() + sys.exit(0) + + sys.exit(exit_code) + + +if __name__ == '__main__': + main() diff --git a/salt/common/tools/sbin/so-rule b/salt/common/tools/sbin/so-rule index 07d6cd2cc..bbb916807 100755 --- a/salt/common/tools/sbin/so-rule +++ b/salt/common/tools/sbin/so-rule 
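Review bot: In `enable_disable_modules` the module names taken from the command line are never checked against the modules in the pillar, and they later reach `apply()` as `learn.{module}` in a root `salt-call state.apply`, so the literal `all` and any mistyped name are passed straight through. The function also cannot run as written: `pillar_modules` is a list of dicts (see `learn_modules`) but is indexed with `pillar_modules[module]`, `args.pillarm` is a typo for `args.pillar`, and `write_needed = enable` skips the write when disabling. In `main()` the three pillar-loading calls are commented out, so `args.pillar_dict` is not set when this runs. A version that validates the names, expands `all` and returns the result of `check_apply` follows; separately, `salt_proc = subprocess.CompletedProcess = None` near the top rebinds the class to `None` and looks like a mistyped annotation.

```python
def enable_disable_modules(args, enable: bool):
    pillar_modules = args.pillar_dict.get('learn', {}).get('modules') or []
    known = {module['name'] for module in pillar_modules}

    if 'all' in args.modules:
        # Expand the keyword so apply() only ever sees real module names.
        args.modules = sorted(known)
    else:
        unknown = [name for name in args.modules if name not in known]
        if unknown:
            print(f'Unknown module(s): {", ".join(unknown)}', file=sys.stderr)
            sys.exit(2)

    for module in pillar_modules:
        if module['name'] in args.modules:
            module['enabled'] = enable
    write_pillar(args.pillar, args.pillar_dict)

    return check_apply(args)
```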
@@ -349,9 +349,7 @@ def sigint_handler(*_): def main(): signal.signal(signal.SIGINT, sigint_handler) - if os.geteuid() != 0: - print_err('You must run this script as root') - sys.exit(1) + apply_help='After updating rule configuration, apply the idstools state.' diff --git a/salt/logscan/files/logscan.conf b/salt/learn/files/logscan.conf similarity index 100% rename from salt/logscan/files/logscan.conf rename to salt/learn/files/logscan.conf diff --git a/salt/learn/init.sls b/salt/learn/init.sls new file mode 100644 index 000000000..581f3f073 --- /dev/null +++ b/salt/learn/init.sls @@ -0,0 +1,19 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + +{% set module_list = salt['pillar.get']('learn:modules', [] ) %} + +{% if len(module_list) != 0 %}} +include: +{% for module in module_list %} + - .{{ module }} +{% endfor %} +{% endif %} + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/logscan/init.sls b/salt/learn/logscan.sls similarity index 84% rename from salt/logscan/init.sls rename to salt/learn/logscan.sls index 51badbcdd..43318d81a 100644 --- a/salt/logscan/init.sls +++ b/salt/learn/logscan.sls @@ -1,6 +1,3 @@ -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} - {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -46,12 +43,3 @@ so-logscan: - /opt/so/log/logscan:/logscan/output:rw - /opt/so/log:/logscan/logs:ro - cpu_period: {{ logscan_cpu_period }} - - -{% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - -{% endif %} diff --git a/salt/top.sls b/salt/top.sls index 24be8283c..32069ab66 100644 --- a/salt/top.sls +++ b/salt/top.sls 
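Review bot: The `os.geteuid() != 0` check at the top of `main()` in so-rule is removed here without a replacement, and the commit subject only mentions the learn modules. If it was dropped for local testing it should be restored, `if os.geteuid() != 0:` / `print_err('You must run this script as root')` / `sys.exit(1)`, so that a non-root run stops with a clear message before any later step that presumably needs root, such as the idstools state apply named in `apply_help`. `main()` continues outside the hunk.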
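Review bot: The include guard `{% if len(module_list) != 0 %}}` in salt/learn/init.sls is unlikely to render: Jinja does not expose a `len()` call by default and the line ends with a stray `}`; `{% if module_list | length != 0 %}` is the usual form. so-learn in this commit stores `learn:modules` as a list of dicts with `name` and `enabled` keys, so `- .{{ module }}` would need to become `- .{{ module.name }}` and skip entries whose `enabled` is false. so-learn also applies `learn.<module>` directly, and the logscan.sls hunks that follow remove that file's own `allowed_states` check, so the guard added here is not evaluated on that path.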
@@ -156,6 +156,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_manager and G@saltversion:{{saltversion}}': - match: compound @@ -218,6 +219,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_standalone and G@saltversion:{{saltversion}}': - match: compound @@ -292,6 +294,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_searchnode and G@saltversion:{{saltversion}}': - match: compound @@ -366,7 +369,6 @@ base: {%- if FILEBEAT %} - filebeat {%- endif %} - - utility - schedule {%- if FLEETMANAGER or FLEETNODE %} @@ -388,6 +390,7 @@ base: {%- endif %} - docker_clean - pipeline.load + - learn '*_heavynode and G@saltversion:{{saltversion}}': - match: compound @@ -478,3 +481,4 @@ base: - schedule - docker_clean - pipeline.load + - learn diff --git a/setup/so-setup b/setup/so-setup index 68490657f..bfca9b2bd 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -962,6 +962,12 @@ else set_progress_str 99 'Waiting for TheHive to start up' check_hive_init >> $setup_log 2>&1 fi + + if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then + set_progress_str 99 'Enabling logscan' + so-learn enable logscan --apply -y >> $setup_log 2>&1 + fi + } | whiptail_gauge_post_setup "Running post-installation steps..." whiptail_setup_complete From 3a022e7a83df0bac87c7b8911ac9aeabb7624637 Mon Sep 17 00:00:00 2001 
From: Jason Ertel Date: Mon, 26 Jul 2021 15:50:15 -0400 Subject: [PATCH 211/266] Add Azure automations --- setup/automation/distributed-azure-manager | 76 +++++++++++++++++++++ setup/automation/distributed-azure-search | 78 ++++++++++++++++++++++ setup/automation/distributed-azure-sensor | 78 ++++++++++++++++++++++ setup/automation/eval-azure | 76 +++++++++++++++++++++ setup/automation/import-azure | 76 +++++++++++++++++++++ setup/automation/standalone-azure | 76 +++++++++++++++++++++ 6 files changed, 460 insertions(+) create mode 100644 setup/automation/distributed-azure-manager create mode 100644 setup/automation/distributed-azure-search create mode 100644 setup/automation/distributed-azure-sensor create mode 100644 setup/automation/eval-azure create mode 100644 setup/automation/import-azure create mode 100644 setup/automation/standalone-azure diff --git a/setup/automation/distributed-azure-manager b/setup/automation/distributed-azure-manager new file mode 100644 index 000000000..b9e26beac --- /dev/null +++ b/setup/automation/distributed-azure-manager 
@@ -0,0 +1,76 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +ALLOW_CIDR=0.0.0.0/0 +ALLOW_ROLE=a +BASICZEEK=2 +BASICSURI=2 +# BLOGS= +#BNICS=eth1 +ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=distributed-manager +install_type=MANAGER +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +MANAGERADV=BASIC +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +# MSRV= +# MTU= +NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +PLAYBOOK=1 +REDIRECTHOST=$(cat /root/public_ip) +REDIRECTINFO=OTHER +RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT=0 +SOREMOTEPASS1=onionuser +SOREMOTEPASS2=onionuser +STRELKA=1 +THEHIVE=1 +WAZUH=1 +WEBUSER=onionuser@somewhere.invalid +WEBPASSWD1=0n10nus3r +WEBPASSWD2=0n10nus3r diff --git a/setup/automation/distributed-azure-search b/setup/automation/distributed-azure-search new file mode 100644 index 000000000..7e7a82291 --- /dev/null 
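Review bot: This answer file sets `ALLOW_CIDR=0.0.0.0/0` together with fixed, guessable credentials (`ADMINPASS1=onionuser`, `WEBPASSWD1=0n10nus3r`) and takes `REDIRECTHOST` from `/root/public_ip`, so an instance built from it accepts connections from any address with known passwords. `TESTING=true` suggests it is meant for automated test runs only; a header comment saying so, e.g. `# Test automation only: default credentials and an open ALLOW_CIDR, not for a real deployment`, would make that explicit. The same values appear in the eval-azure, import-azure and standalone-azure files added by this commit, and the distributed-azure-search and distributed-azure-sensor files carry the same admin and remote passwords.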
+++ b/setup/automation/distributed-azure-search @@ -0,0 +1,78 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +#ALLOW_CIDR=0.0.0.0/0 +#ALLOW_ROLE=a +#BASICZEEK=7 +#BASICSURI=7 +# BLOGS= +#BNICS=ens6 +#ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +#GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=distributed-search +install_type=SEARCHNODE +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +#MANAGERADV=BASIC +MANAGERUPDATES=1 +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +MSRV=distributed-manager +MSRVIP=10.99.1.20 +# MTU= +#NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +#OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +#PLAYBOOK=1 +# REDIRECTHOST= +#REDIRECTINFO=HOSTNAME +#RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT=0 +SOREMOTEPASS1=onionuser +SOREMOTEPASS2=onionuser +#STRELKA=1 +#THEHIVE=1 +#WAZUH=1 +# WEBUSER=onionuser@somewhere.invalid +# WEBPASSWD1=0n10nus3r +# WEBPASSWD2=0n10nus3r \ No newline at end of file 
diff --git a/setup/automation/distributed-azure-sensor b/setup/automation/distributed-azure-sensor new file mode 100644 index 000000000..fc12774b3 --- /dev/null +++ b/setup/automation/distributed-azure-sensor 
@@ -0,0 +1,78 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +#ALLOW_CIDR=0.0.0.0/0 +#ALLOW_ROLE=a +BASICZEEK=2 +BASICSURI=2 +# BLOGS= +BNICS=eth1 +ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +#GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=distributed-sensor +install_type=SENSOR +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +#MANAGERADV=BASIC +MANAGERUPDATES=1 +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +MSRV=distributed-manager +MSRVIP=10.99.1.20 +# MTU= +#NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +#NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +#OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +#PLAYBOOK=1 +# REDIRECTHOST= +#REDIRECTINFO=HOSTNAME +#RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT=0 +SOREMOTEPASS1=onionuser +SOREMOTEPASS2=onionuser +#STRELKA=1 +#THEHIVE=1 +#WAZUH=1 +# WEBUSER=onionuser@somewhere.invalid +# WEBPASSWD1=0n10nus3r +# WEBPASSWD2=0n10nus3r \ No newline at end of file diff --git a/setup/automation/eval-azure b/setup/automation/eval-azure new file mode 100644 index 000000000..2e9a69784 
--- /dev/null +++ b/setup/automation/eval-azure @@ -0,0 +1,76 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +ALLOW_CIDR=0.0.0.0/0 +ALLOW_ROLE=a +BASICZEEK=2 +BASICSURI=2 +# BLOGS= +BNICS=eth1 +ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=eval-aws +install_type=EVAL +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +MANAGERADV=BASIC +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +# MSRV= +# MTU= +NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +PLAYBOOK=1 +REDIRECTHOST=$(cat /root/public_ip) +REDIRECTINFO=OTHER +RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT= +SOREMOTEPASS1=onionuser +SOREMOTEPASS2=onionuser +STRELKA=1 +THEHIVE=1 +WAZUH=1 +WEBUSER=onionuser@somewhere.invalid +WEBPASSWD1=0n10nus3r +WEBPASSWD2=0n10nus3r diff --git a/setup/automation/import-azure b/setup/automation/import-azure new file mode 100644 index 000000000..27fea980e --- /dev/null +++ b/setup/automation/import-azure 
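Review bot: `HOSTNAME=eval-aws` in this Azure answer file looks carried over from an AWS variant, and `HOSTNAME=standalone-aws` in standalone-azure has the same issue. If the hostname is used to tell test instances apart, `HOSTNAME=eval-azure` and `HOSTNAME=standalone-azure` would avoid mixing up the two clouds in logs and grid views.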
@@ -0,0 +1,76 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +TESTING=true + +address_type=DHCP +ADMINUSER=onionuser +ADMINPASS1=onionuser +ADMINPASS2=onionuser +ALLOW_CIDR=0.0.0.0/0 +ALLOW_ROLE=a +BASICZEEK=2 +BASICSURI=2 +# BLOGS= +#BNICS=eth1 +ZEEKVERSION=ZEEK +# CURCLOSEDAYS= +# EVALADVANCED=BASIC +# GRAFANA=1 +# HELIXAPIKEY= +HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +HNSENSOR=inherit +HOSTNAME=import +install_type=IMPORT +# LSINPUTBATCHCOUNT= +# LSINPUTTHREADS= +# LSPIPELINEBATCH= +# LSPIPELINEWORKERS= +MANAGERADV=BASIC +# MDNS= +# MGATEWAY= +# MIP= +# MMASK= +MNIC=eth0 +# MSEARCH= +# MSRV= +# MTU= +NIDS=Suricata +# NODE_ES_HEAP_SIZE= +# NODE_LS_HEAP_SIZE= +NODESETUP=NODEBASIC +NSMSETUP=BASIC +NODEUPDATES=MANAGER +# OINKCODE= +# OSQUERY=1 +# PATCHSCHEDULEDAYS= +# PATCHSCHEDULEHOURS= +PATCHSCHEDULENAME=auto +# PLAYBOOK=1 +REDIRECTHOST=$(cat /root/public_ip) +REDIRECTINFO=OTHER +RULESETUP=ETOPEN +# SHARDCOUNT= +# SKIP_REBOOT= +# SOREMOTEPASS1=onionuser +# SOREMOTEPASS2=onionuser +STRELKA=1 +# THEHIVE=1 +# WAZUH=1 +WEBUSER=onionuser@somewhere.invalid +WEBPASSWD1=0n10nus3r +WEBPASSWD2=0n10nus3r diff --git a/setup/automation/standalone-azure b/setup/automation/standalone-azure new file mode 100644 index 000000000..28bb2ae87 --- /dev/null +++ b/setup/automation/standalone-azure 
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone-aws
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+REDIRECTHOST=$(cat /root/public_ip)
+REDIRECTINFO=OTHER
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
From 850315dc2015407664d51e70ad9e50728c3386c5 Mon Sep 17 00:00:00 2001
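Review bot: `HOSTNAME=standalone-aws` in standalone-azure names the wrong cloud, which looks like a leftover from copying the AWS automation file; eval-azure has the same slip with `HOSTNAME=eval-aws`. The hostname becomes the `host` tag that the Grafana panels in this series filter on (`host =~ /^$servername$/`), so an Azure node would report under an AWS-looking name and could be confused with a real AWS test node in shared telemetry. I would change the two lines to `HOSTNAME=standalone-azure` and `HOSTNAME=eval-azure`.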
From: m0duspwnens Date: Tue, 27 Jul 2021 08:47:44 -0400 Subject: [PATCH 212/266] remove role conditional from all panel queiries --- .../panels/cpu_usage_current_graph.json.jinja | 6 ------ .../panels/cpu_usage_tasks_blocked_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_paging_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_running_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_sleeping_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_stopped_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_unknown_graph.json.jinja | 2 +- .../panels/cpu_usage_tasks_zombies_graph.json.jinja | 2 +- .../panels/disk_usage_nsm_percent_graph.json.jinja | 6 ------ .../panels/disk_usage_root_percent_graph.json.jinja | 6 ------ salt/grafana/panels/io_wait_graph.json.jinja | 6 ------ salt/grafana/panels/io_wait_stat.json.jinja | 2 +- ...nagement_interface_drops_inbound_graph.json.jinja | 2 +- ...agement_interface_drops_outbound_graph.json.jinja | 2 +- ...gement_interface_traffic_inbound_graph.json.jinja | 6 ------ ...ement_interface_traffic_outbound_graph.json.jinja | 6 ------ .../panels/memory_usage_percent_graph.json.jinja | 6 ------ .../monitor_interface_drops_inbound_graph.json.jinja | 2 +- ...onitor_interface_traffic_inbound_graph.json.jinja | 6 ------ .../panels/stenographer_packet_loss_graph.json.jinja | 12 ------------ .../panels/suricata_packet_loss_graph.json.jinja | 12 ------------ .../panels/swap_usage_percent_graph.json.jinja | 6 ------ salt/grafana/panels/system_uptime_graph.json.jinja | 6 ------ .../uptime_docker_combined_current_graph.json.jinja | 8 +------- .../grafana/panels/zeek_packet_loss_graph.json.jinja | 12 ------------ 25 files changed, 12 insertions(+), 114 deletions(-) diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja index 555d23221..ff7517029 100644 --- a/salt/grafana/panels/cpu_usage_current_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_current_graph.json.jinja 
@@ -108,12 +108,6 @@ "key": "cpu", "operator": "=", "value": "cpu-total" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja index 6e6d92331..7285d6430 100644 --- a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja index 392063f07..2af6c1bec 100644 --- a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja index c6b9d4b58..c1148391f 100644 --- a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja 
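Review bot: In cpu_usage_tasks_blocked_graph the new raw query filters only on `host =~ /$servername$/`, which is anchored at the end but not at the start, so a `$servername` value that is a suffix of another hostname also selects that host's series now that the `role` term no longer narrows the match. The builder-style panels touched by this commit already use `/^$servername$/`; the raw query should match: `WHERE host =~ /^$servername$/ AND $timeFilter`. The same pattern is in the other cpu_usage_tasks_* hunks (paging, running, sleeping, stopped, unknown, zombies) and in io_wait_stat. The management and monitor interface drop queries are looser still, with `/$servername/`, `/$manint/` and `/$monint/` unanchored at both ends.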
@@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(running) as running FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja index bd58ca9ea..e23f5e0df 100644 --- a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja index cc801ce9e..bbff2cd0f 100644 --- a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } 
diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja index f6e2062ca..1c194bcbc 100644 --- a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja index 712ea7c6b..2d3f90018 100644 --- a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja +++ b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja @@ -44,7 +44,7 @@ } ] ], - "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE (host =~ /$servername$/ AND role =~ /$role$/) AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", + "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", "rawQuery": true, "alias": "$tag_host $tag_role" } diff --git a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja index ff492bf52..19e5e0777 100644 --- a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja @@ -96,12 +96,6 @@ "operator": "=~", "value": "/^$servername$/" }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" - }, { "condition": "AND", "key": "path", 
diff --git a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja index 3aaa18f4d..25315a94c 100644 --- a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja +++ b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja @@ -96,12 +96,6 @@ "operator": "=~", "value": "/^$servername$/" }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" - }, { "condition": "AND", "key": "path", diff --git a/salt/grafana/panels/io_wait_graph.json.jinja b/salt/grafana/panels/io_wait_graph.json.jinja index 73057830e..3a01467b0 100644 --- a/salt/grafana/panels/io_wait_graph.json.jinja +++ b/salt/grafana/panels/io_wait_graph.json.jinja @@ -26,12 +26,6 @@ "key": "cpu", "operator": "=", "value": "cpu-total" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ], "groupBy": [ diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja index 840d282cc..470d0008f 100644 --- a/salt/grafana/panels/io_wait_stat.json.jinja +++ b/salt/grafana/panels/io_wait_stat.json.jinja @@ -65,7 +65,7 @@ ], "measurement": "cpu", "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE (host =~ /$servername$/ AND role =~ /$role$/ AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE (host =~ /$servername$/ AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", diff --git a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja index 3ec958adc..f8aae9330 100644 --- a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja 
+++ b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja @@ -65,7 +65,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", "queryType": "randomWalk", "rawQuery": true, "refId": "A", diff --git a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja index 3e59e1136..8c65a251a 100644 --- a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja +++ b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja @@ -66,7 +66,7 @@ "hide": false, "orderByTime": "ASC", "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", "rawQuery": true, "refId": "B", "resultFormat": "time_series", diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja index 863644e58..0f34d8ee3 100644 --- a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja 
@@ -122,12 +122,6 @@ "key": "interface", "operator": "=~", "value": "/^$manint$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja index 87ad16750..05f3cdb75 100644 --- a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja +++ b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja @@ -120,12 +120,6 @@ "key": "interface", "operator": "=~", "value": "/^$manint$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/memory_usage_percent_graph.json.jinja b/salt/grafana/panels/memory_usage_percent_graph.json.jinja index dddfd73d6..9060a41f6 100644 --- a/salt/grafana/panels/memory_usage_percent_graph.json.jinja +++ b/salt/grafana/panels/memory_usage_percent_graph.json.jinja @@ -20,12 +20,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ], "groupBy": [ diff --git a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja index 42b274bbb..c784e8efc 100644 --- a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja 
@@ -63,7 +63,7 @@ ], "orderByTime": "ASC", "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND role =~ /$role/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", + "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", "queryType": "randomWalk", "rawQuery": true, "refId": "A", diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja index 6ef26c5ee..f5fad1509 100644 --- a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja +++ b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja @@ -122,12 +122,6 @@ "key": "interface", "operator": "=~", "value": "/^$monint$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja index 351b2505f..5bd3f5a07 100644 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja @@ -106,12 +106,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] }, @@ -169,12 +163,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja index e9ec68e31..39b53d166 100644 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja 
+++ b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja @@ -112,12 +112,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] }, @@ -181,12 +175,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } diff --git a/salt/grafana/panels/swap_usage_percent_graph.json.jinja b/salt/grafana/panels/swap_usage_percent_graph.json.jinja index ffd45e6fa..b40412994 100644 --- a/salt/grafana/panels/swap_usage_percent_graph.json.jinja +++ b/salt/grafana/panels/swap_usage_percent_graph.json.jinja @@ -20,12 +20,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ], "groupBy": [ diff --git a/salt/grafana/panels/system_uptime_graph.json.jinja b/salt/grafana/panels/system_uptime_graph.json.jinja index 74073651c..bf26b520f 100644 --- a/salt/grafana/panels/system_uptime_graph.json.jinja +++ b/salt/grafana/panels/system_uptime_graph.json.jinja @@ -20,12 +20,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ], "groupBy": [ diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja index 2422cbbcc..ad4ff2805 100644 --- a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja +++ b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja 
@@ -76,7 +76,7 @@ "measurement": "docker_container_status", "orderByTime": "ASC", "policy": "default", - "query": "SELECT last(\"uptime_ns\") FROM \"docker_container_status\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/ AND \"role\" =~ /^$role$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\", \"role\" fill(null)", + "query": "SELECT last(\"uptime_ns\") FROM \"docker_container_status\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\", \"role\" fill(null)", "queryType": "randomWalk", "rawQuery": false, "refId": "A", @@ -106,12 +106,6 @@ "key": "container_name", "operator": "=~", "value": "/^$containers$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ], "slimit": "", diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja index 89d1d57f1..7656cb575 100644 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja @@ -112,12 +112,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] }, @@ -181,12 +175,6 @@ "key": "host", "operator": "=~", "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "role", - "operator": "=~", - "value": "/^$role$/" } ] } From a66765e99b8a170749fbcad37c3df7b9a45d80ef Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Tue, 27 Jul 2021 10:23:35 -0400 Subject: [PATCH 213/266] remove old dashboards, set default refresh to 5m --- .../dashboards/common_template.json.jinja | 1 + salt/grafana/dashboards/eval/eval.json | 6305 ---------- salt/grafana/dashboards/manager/manager.json | 6722 ---------- .../managersearch/managersearch.json | 7535 ------------ .../dashboards/search_nodes/searchnode.json | 5466 -------- .../dashboards/sensor_nodes/sensor.json | 6341 ---------- .../dashboards/standalone/standalone.json | 10257 ---------------- 7 files changed, 1 insertion(+), 42626 deletions(-) delete mode 100644 salt/grafana/dashboards/eval/eval.json delete mode 100644 salt/grafana/dashboards/manager/manager.json delete mode 100644 salt/grafana/dashboards/managersearch/managersearch.json delete mode 100644 salt/grafana/dashboards/search_nodes/searchnode.json delete mode 100644 salt/grafana/dashboards/sensor_nodes/sensor.json delete mode 100644 salt/grafana/dashboards/standalone/standalone.json diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja index d8a7ff422..23060a2fb 100644 --- a/salt/grafana/dashboards/common_template.json.jinja +++ b/salt/grafana/dashboards/common_template.json.jinja @@ -25,6 +25,7 @@ {{ panel | json }} {% if not loop.last %},{% endif %} {% endfor -%} ], + "refresh": "5m", "schemaVersion": 27, "style": "dark", "tags": [], diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json deleted file mode 100644 index aa1588a07..000000000 --- a/salt/grafana/dashboards/eval/eval.json +++ /dev/null 
@@ -1,6305 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Evaluation Mode", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "links": [], - "panels": [ - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [], - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "hiddenSeries": false, - 
"id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Usage", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME 
}}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - 
"dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - 
"aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - 
"type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", 
- "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 75, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": 
false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - 
"format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 77, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - 
"type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - 
"aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { 
- "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { 
- "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [ - { - "alias": "/Trend/", - "dashes": true, - "fill": 0, - "linewidth": 4, - "spaceLength": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": 
"AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - 
"$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - 
"tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - 
"value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ES Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - 
"pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": 
null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - 
"measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null 
- } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 15 - }, - "id": 33, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - ES Documents", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": 
"InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 15 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - 
"steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "cacheTimeout": null, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 259200 - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 432000 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "id": 22, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" - }, - { - "aliasColors": { - "#cpu": "green", - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - 
[ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - 
"hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - 
"key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - 
"xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", 
- "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - 
"max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", 
- "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 27 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - 
"net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 27 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound 
Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - 
"dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 34 - }, - "hiddenSeries": false, - "id": 
15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Evaluation Mode - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 10 -} diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json deleted file mode 100644 index 7585706c3..000000000 --- a/salt/grafana/dashboards/manager/manager.json +++ /dev/null 
@@ -1,6722 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of the Manager", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625019296449, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - 
"key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 38, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": 
"7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - 
"params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 30, 
- "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-kibana" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": 
"=", - "value": "so-kibana" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": 
"field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - 
"pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": 
"decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": 
"B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": 
"fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 
5 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": 
"AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - 
"fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": 
"host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": 
true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": 
"ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - 
"params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - 
"tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - 
"$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, 
- { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - 
Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - 
"alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - 
"min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 17 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - }, - { - "alias": "#cpu Current", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - 
"null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - 
}, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - 
"mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 17 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { 
- "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 17 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - 
"orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ 
- "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, 
- "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - 
"measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Blocked Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } 
- ] - }, - { - "alias": "Sleep Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - 
"pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": 
"non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": 
"mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read Current", - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Read Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": 
"diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": 
false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - 
"editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 31 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { 
- "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - 
], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": 
"$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Manager Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 19 -} diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json deleted file mode 100644 index eae0cda10..000000000 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ /dev/null 
@@ -1,7535 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of a ManagerSearch Node", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625012701746, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": 
"AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - 
"pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": 
"mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 43, - 
"legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - 
"timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ 
SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - 
], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - 
}, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - 
"condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - 
"tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - 
}, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, 
- "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": 
"so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - 
"percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": 
"time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 57, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": 
"ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - 
"type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - 
"measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - 
"xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashes": true, - "fill": 0, - "linewidth": 4, - "spaceLength": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, 
- "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_docs_count" - ], 
- "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - 
"policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 15 - }, - 
"hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": 
"default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - 
"groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { 
- "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": 
"docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } 
- ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - 
"linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": 
null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - 
"type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - " *8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - 
"params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - " *8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": 
"so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], 
- "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Heap Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": 
true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": 
null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 25 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - 
}, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": 
"docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 25 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 
4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "A", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 30 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { 
- "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 30 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - 
"params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - 
"defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 35 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": false - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "EPS Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", - "tooltip": { - 
"shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - 
"2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "ManagerSearch Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 11 -} diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json deleted file mode 100644 index dd2430b00..000000000 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ /dev/null 
@@ -1,5466 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of a Search Node", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625015408259, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - 
"key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": 
"7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - 
"params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 33, - 
"legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - 
"operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Documents Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - 
"alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": 
"short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": 
"field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 31, - "legend": { - "avg": false, - "current": false, - "max": 
false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_mem_heap_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Heap Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, 
- "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": 
false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - 
"dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - 
"h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", 
- "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": 
"cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { 
- "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - 
}, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": 
{ - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - 
"orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - 
"values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - 
"label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", 
- "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - 
"values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 16 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": 
"fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { 
- "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 16 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ 
MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - 
} - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, 
- "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - 
"params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 24 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": 
"ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 24 - }, - "hiddenSeries": false, - "id": 29, - 
"legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND 
\"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) 
FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" 
- }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Search Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 13 -} diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json deleted file mode 100644 index 2bdb0ff12..000000000 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ /dev/null 
@@ -1,6341 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Sensors", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625017205779, - "links": [], - "panels": [ - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "hiddenSeries": 
false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - 
"thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - 
"type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": 
"InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } 
- ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], 
- "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", 
- "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - 
{ - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - 
"condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - 
"percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", 
- "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": 
"=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - 
"alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": 
"individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - 
} - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - 
"key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User 
Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - 
"params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - 
"datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "active" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_active" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": 
"{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { 
- "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - 
"alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - 
}, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, 
- { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - 
"dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": 
[], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 15 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "OutBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": 
"host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "OutBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - 
{ - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - 
"params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - 
"tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": 
"influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": 
"7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" 
- }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "#cpu Current", - "fill": 0 - }, - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - 
"steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - 
"params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 27 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - 
"alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 27 - }, - "hiddenSeries": false, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - 
"params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "OutBound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "InBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": 
"non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "OutBound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Filebeat Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - 
"schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Sensor Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 15 -} diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json deleted file mode 100644 index 5f70b922d..000000000 --- a/salt/grafana/dashboards/standalone/standalone.json +++ /dev/null 
@@ -1,10257 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Standalone Mode", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 6, - "iteration": 1625018989654, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "unit": "percent" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", 
- "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "decimals": 2, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 39, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": 
"7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - 
"params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-elasticsearch" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - 
"current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "container_name", - "operator": "=", - "value": "so-kibana" - }, - { - "condition": "AND", - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Kibana CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": 
"math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "hiddenSeries": false, - "id": 19, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - 
"pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": 
false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - 
"value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 5 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - 
"params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "disk", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": 
"connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" 
- }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": 
"so-logstash" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": 
true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, 
- "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": 
"container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 4, - 
"legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - 
}, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - 
}, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": true, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "System Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_system\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - 
"refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_user\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_nice\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - 
"operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_irq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "J", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_iowait\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - 
"policy": "so_long_term", - "query": "SELECT mean(\"usage_softirq\") FROM \"cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "super-light-blue" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 10 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": 
true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - 
"type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "Outbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - 
"1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], 
- "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { 
- "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": 
"AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "#cpu": "green", - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 15 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - }, - { - "alias": "#cpu Current", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "#cpu Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - 
"params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ 
SERVERNAME }}" - } - ] - }, - { - "alias": "#cpu Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "1 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - 
"refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.non_negative_derivative": "light-orange" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 15 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - 
"alias": "Inbound Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "Inbound Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = '{{ MANINT }}' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": 
[], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 15 - }, - "id": 37, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - 
"fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 15 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ 
SERVERNAME }} - PCAP Retention", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 7, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 20 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": 
"mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Blocked Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - 
"orderByTime": "ASC", - "policy": "so_long_term", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 20 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": 
true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - 
"params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-logstash" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Logstash Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": 
null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 20 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": 
"docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " /{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 20 - }, - "hiddenSeries": false, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - }, - { - "alias": "Usage Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Threads Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": 
"mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 25 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - 
"select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - }, - { - "alias": "Outbound 
Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-influxdb" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - InfluxDB Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 25 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - 
"pluginVersion": "7.5.4", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Capture Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - 
"aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 25 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Loss Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Loss Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - 
"type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Zeek Packet Loss", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Wait Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" 
- ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Wait Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - IO Wait", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 30 - }, - "hiddenSeries": false, - "id": 51, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 
2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Inbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Inbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": 
"ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - }, - { - "alias": "Outbound Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-aptcacherng" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Proxy Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - 
"dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 30 - }, - "hiddenSeries": false, - "id": 69, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ 
SERVERNAME }} - InfluxDB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 30 - }, - "hiddenSeries": false, - "id": 55, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - 
{ - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 35 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - 
"spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Read Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - 
], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 35 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": false - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - 
"stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "EPS Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "consumptioneps", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - 
"fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 35 - }, - "hiddenSeries": false, - "id": 61, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 35 - }, - "hiddenSeries": false, - "id": 59, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Usage Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", 
- "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - }, - { - "alias": "Usage Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"usage_percent\") /{{ CPUS }} FROM \"docker_container_cpu\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-redis') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "/{{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-redis" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Redis CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - 
"alignLevel": null - } - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - 
"null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "dsType": "influxdb", - "groupBy": [ - 
{ - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"used\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"buffered\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"cached\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - 
"tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "query": "SELECT mean(\"free\") FROM \"mem\" WHERE (\"host\" = '{{ SERVERNAME }}') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 40 - }, - "id": 33, - "interval": 
null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - ES Documents", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - 
"pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - 
"align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 40 - }, - "hiddenSeries": false, - "id": 65, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Count Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - 
} - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 40 - }, - "hiddenSeries": false, - "id": 63, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - 
"tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - ES Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 67, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Total Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Total Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_total" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Used Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "mem", - "orderByTime": "ASC", - "policy": "so_long_term", - 
"refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory(Used)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "description": null, - "error": null, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - 
"text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 3, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Standalone Mode - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 17 -} From f359dd0cd4d24d36e6e73b1b110f04f1207b2073 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jul 2021 11:09:25 -0400 Subject: [PATCH 214/266] Steno ISO Details --- VERIFY_ISO.md | 22 +++++++++--------- sigs/securityonion-2.3.61-STENODOCKER.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.61-STENODOCKER.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index f71c088cf..ac6101ad1 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,18 +1,18 @@
-### 2.3.61 ISO image built on 2021/07/22
+### 2.3.61-STENODOCKER ISO image built on 2021/07/26
### Download and Verify
-2.3.61 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso
+2.3.61-STENODOCKER ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso
-MD5: 538F29F3AB57087FC879108FFC81447C
-SHA1: C2239206572CBEB697CFA2A4850A16A54BF5FB0D
-SHA256: F5035361B63D1EE8D87CE7B0D8333E521A44453274785B62630CAC76C1BEA929
+MD5: 10815F1F816E75BF15F331B39CB5EBEC
+SHA1: 2D4F4ACA6FBA35563D76C1296A6A774FF73D67FD
+SHA256: D9C927C07A2B29C0BD93B1349EB750D4E3CF7F553A14D3EF90593BA660936821
Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig
Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO:
```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig
```
Download the ISO image:
```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso
```
Verify the downloaded ISO image using the signature file:
```
-gpg --verify securityonion-2.3.61.iso.sig securityonion-2.3.61.iso
+gpg --verify securityonion-2.3.61-STENODOCKER.iso.sig securityonion-2.3.61-STENODOCKER.iso
```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
```
-gpg: Signature made Thu 22 Jul 2021 10:28:58 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 26 Jul 2021 04:34:58 PM EDT using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.61-STENODOCKER.iso.sig b/sigs/securityonion-2.3.61-STENODOCKER.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..aad56a116bacc05e2f3e827b1a3a4552617b59be GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;9I9C82(2@re`V7LBIa1;Ja5CDb*OA52SHJr&V3ysp(JvMaW0`XS2SS9Zv4+><`?ag#M(!na*P|!Q{=$5F;o0 z2DxmH{iT_8CEtKs&2aJIbdDhN7t_HML&(AJJxjwiAs>A`o%iBd0MbvTeDBjQFgX}` zhU2HD3`dd(KRzNTAKD5bjQbGUY27qY{wU8!NQ-P>CjIjC+4EF9p?@L;>tr)7nzkP- zgG2g-<`}JuaLJuT|OE20GrBYP3S-LsF1a3cirRb*R^aMpk=E+pGfnn4U5YZ z%J%6)v>@MNm-|q?&x7Q;37Jbhh%>`W{>vVw#&VV!Ye|$($Wo6SwHExGT&E-&zZ+EC z*Q_k)URQiP6C6c~Us@E_#k6uq3Pw&8Za2d|Wawf*%*a)>7AAq!nJ(kq7l7@R!lwt^ zT+?~13_k=nGdnE8 Date: Tue, 27 Jul 2021 14:42:11 -0400 Subject: [PATCH 215/266] clear out hotfix from merge --- HOTFIX | 1 - 1 file changed, 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index b1fe67394..e69de29bb 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +0,0 @@ -STENODOCKER From 8ffeae38bc6b8a325066935c8b74278124ad8afb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 27 Jul 2021 16:16:48 -0400 Subject: [PATCH 216/266] https://github.com/Security-Onion-Solutions/securityonion/issues/4024 --- salt/zeek/policy/custom/README | 1 + 1 file changed, 1 insertion(+) create mode 100644 salt/zeek/policy/custom/README diff --git a/salt/zeek/policy/custom/README b/salt/zeek/policy/custom/README new file mode 100644 index 000000000..77ac7ad30 --- /dev/null +++ b/salt/zeek/policy/custom/README @@ -0,0 +1 @@ +# Place custom policies in /opt/so/saltstack/local/salt/zeek/policy/custom/ From d78a37f9e3f8bc8b2d4bb139962b70a958ef3461 Mon Sep 17 00:00:00 2001 
From: m0duspwnens
Date: Wed, 28 Jul 2021 09:12:31 -0400
Subject: [PATCH 217/266] allow for control of kibana discover sampleSize - https://github.com/Security-Onion-Solutions/securityonion/issues/3933
---
salt/kibana/defaults.yaml | 5 +++++
salt/kibana/files/saved_objects.ndjson | 2 +-
salt/kibana/init.sls | 5 +++++
3 files changed, 11 insertions(+), 1 deletion(-)
create mode 100644 salt/kibana/defaults.yaml
diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml
new file mode 100644
index 000000000..59020e125
--- /dev/null
+++ b/salt/kibana/defaults.yaml
@@ -0,0 +1,5 @@
+kibana:
+ enabled: True
+ dashboard:
+ discover:
+ sampleSize: 100
diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson
index 56fd82222..445a4bb35 100644
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson
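Review bot: The new `sampleSize: 100` default in salt/kibana/defaults.yaml has no comment on its expected type or range, yet the saved_objects.ndjson hunk of this same commit renders it unquoted as `"discover:sampleSize":{{DASHBOARD.discover.sampleSize}}`. An empty or non-integer override would therefore produce a malformed JSON line in the saved-objects file. I would document the constraint next to the default, for example `# sampleSize: positive integer; rendered unquoted into files/saved_objects.ndjson`, and consider coercing at the point of use with `{{ DASHBOARD.discover.sampleSize | int }}`. How DASHBOARD is populated is in the init.sls change, which is not visible here, so whether the value is validated before templating cannot be confirmed from this hunk.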
@@ -460,7 +460,7 @@ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefNa
me\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} -{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.4","id":"7.13.4","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} 
+{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":{{DASHBOARD.discover.sampleSize}},"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.4","id":"7.13.4","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - 
Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 40ed8babc..cd32c75fe 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -6,6 +6,9 @@ {% set MANAGER = salt['grains.get']('master') %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} +{% import_yaml 'kibana/defaults.yaml' as default_settings %} +{% set KIBANA_SETTINGS = salt['pillar.get']('kibana', default=default_settings, merge=True) %} + # Add ES Group kibanasearchgroup: group.present: @@ -97,6 +100,8 @@ kibanadashtemplate: - source: salt://kibana/files/saved_objects.ndjson - user: 932 - group: 939 + - defaults: + - DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }} so-kibana-config-load: cmd.run: From fee89665fde18471eb936a4d85e48f38a863076b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 28 Jul 2021 09:18:15 -0400 Subject: [PATCH 218/266] dict not list for defaults --- salt/kibana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index cd32c75fe..78599ec44 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls 
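Review bot: The added `KIBANA_SETTINGS` line merges the value of the `kibana` pillar key with the whole of `defaults.yaml`, while the later lookup `KIBANA_SETTINGS.kibana.dashboard` suggests the defaults file keeps its settings under a top-level `kibana:` key. If that is the layout (defaults.yaml is not shown here), an operator override at pillar `kibana:dashboard:discover:sampleSize` is merged one level too high and never reaches the template, so the default always wins. Passing the matching subtree keeps both sides the same shape: `{% set KIBANA_SETTINGS = salt['pillar.get']('kibana', default=default_settings.kibana, merge=True) %}`, with the state then reading `KIBANA_SETTINGS.dashboard`. A one-line comment above the `set` naming the pillar path that overrides the defaults would also help the next maintainer.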
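Review bot: `DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }}` writes the Python repr of a dict into the rendered SLS and relies on YAML reading it back as a flow mapping. That holds for plain numbers and simple strings, but a `None` comes back as the string `None`, and a string holding both quote characters or backslash escapes is not read back the same way and can fail the render. Serialising explicitly avoids this: `DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard | json }}`. The same expression is carried unchanged through the later `@@ -101,7 +101,7 @@` and `@@ -97,9 +97,10 @@` hunks of this file. The `kibanadashtemplate` state begins above this hunk.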
@@ -101,7 +101,7 @@ kibanadashtemplate: - user: 932 - group: 939 - defaults: - - DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }} + DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }} so-kibana-config-load: cmd.run: From b36d46b7f2bf61470350f1e07a92cbf1c9d5bf77 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 28 Jul 2021 09:27:44 -0400 Subject: [PATCH 219/266] change to jinja tem,plate --- .../files/{saved_objects.ndjson => saved_objects.ndjson.jinja} | 0 salt/kibana/init.sls | 3 ++- 2 files changed, 2 insertions(+), 1 deletion(-) rename salt/kibana/files/{saved_objects.ndjson => saved_objects.ndjson.jinja} (100%) diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson.jinja similarity index 100% rename from salt/kibana/files/saved_objects.ndjson rename to salt/kibana/files/saved_objects.ndjson.jinja diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 78599ec44..fe10364cc 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -97,9 +97,10 @@ append_so-kibana_so-status.conf: kibanadashtemplate: file.managed: - name: /opt/so/conf/kibana/saved_objects.ndjson.template - - source: salt://kibana/files/saved_objects.ndjson + - source: salt://kibana/files/saved_objects.ndjson.jinja - user: 932 - group: 939 + - template: jinja - defaults: DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }} From 9a429230fee819f2efd10d74a84e1371bed1c032 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 28 Jul 2021 09:39:35 -0400 Subject: [PATCH 220/266] wrap with raw due to {{value}} --- salt/kibana/files/saved_objects.ndjson.jinja | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/kibana/files/saved_objects.ndjson.jinja b/salt/kibana/files/saved_objects.ndjson.jinja index 445a4bb35..33d46d27a 100644 --- a/salt/kibana/files/saved_objects.ndjson.jinja +++ b/salt/kibana/files/saved_objects.ndjson.jinja 
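Review bot: With `- template: jinja` added in the `@@ -97,9 +97,10 @@` hunk, the pillar-merged `DASHBOARD` value is substituted unquoted into a JSON number position in the template (`"discover:sampleSize":{{DASHBOARD.discover.sampleSize}}` in saved_objects.ndjson.jinja), and nothing between the pillar and the file checks that it is an integer. A non-numeric or empty pillar value would produce an ndjson line that is invalid JSON or that changes the shape of the Kibana config object, and the failure would presumably surface only when the saved objects are loaded. Coercing at the point of use keeps the file well-formed: `"discover:sampleSize":{{ DASHBOARD.discover.sampleSize | int(100) }}`, where 100 is the value the file hard-coded before this series. The fix belongs in the template rather than in this state, so it is raised here only because this hunk is where rendering is switched on.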
@@ -1,3 +1,4 @@ +{% raw -%} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/dashboards#/view/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/dashboards#/view/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/dashboards#/view/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/dashboards#/view/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/dashboards#/view/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/dashboards#/view/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/dashboards#/view/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [Intel](/kibana/app/dashboards#/view/85b529a0-0e5a-11eb-a255-e1e8e85e3571) | [IRC](/kibana/app/dashboards#/view/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/dashboards#/view/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/dashboards#/view/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/dashboards#/view/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/dashboards#/view/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](/kibana/app/dashboards#/view/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/dashboards#/view/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/dashboards#/view/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/dashboards#/view/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/dashboards#/view/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/dashboards#/view/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | 
[SMTP](/kibana/app/dashboards#/view/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/dashboards#/view/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/dashboards#/view/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/dashboards#/view/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/dashboards#/view/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/dashboards#/view/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/dashboards#/view/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"}}"},"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.11.0"},"references":[],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njg2LDRd"} {"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value 
}}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator'
,viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(emb
eddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1
-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086f
ff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value 
}}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-
47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8
),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embedda
bleConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',
viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddabl
eConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{ value }}\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"Push to TheHive\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"\",\"labelTemplate\":\"Click to create a case in TheHive\"}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view
)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),
(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6
.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value 
}})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:
view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(
embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value 
}}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',vi
ewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableCo
nfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9
-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:
f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemp
late\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f
4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9
d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTem
plate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-1
1ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0
-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574
',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a
7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-
8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd
2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-7
2a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7
-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8
),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-
11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id
:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb
0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-
72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,
version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d
2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f
4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f
4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8
f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59
b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value 
}}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\"
,\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfd
eb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value 
}})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",
\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f5
9b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.ephemeral_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"agent.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.
keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.id.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mul
ti\":{\"parent\":\"client.name\"}}},{\"name\":\"client.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"client.user_agent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.history.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"connection.state_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.euid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.file.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_cores.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_mhz.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.cpu_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_free.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_total\",\"type\":\
"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_total.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.ram_usage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hardware.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"
parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hotfix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hotfix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.hotfix.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.logname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.logname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.logname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.netinfo.iface.adapter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.adapter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.adapter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent
\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data
.netinfo.iface.ipv4.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.mtu.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.neti
nfo.iface.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.rx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo
.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.tx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.netinfo.iface.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.major\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.major.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.minor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.minor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.os_release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.os_release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.os_release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.release_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.sysname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.port.inode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.inode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.local_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.process\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.process.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.process.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.remote_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.rx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.port.tx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.pwd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.srcuser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\
"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.uid\",\"typ
e\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"data.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.endpoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.named_pipe.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"dce_rpc.operation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\
":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ge
o.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.assigned_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.l
ease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.message_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dhcp.requested_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_reply.security\",\"type\":\"string\",\"es
Types\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.fc_request.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.answers.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.highest_registered_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\
":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.class_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mu
lti\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.query.type_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.response.code_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.top_level_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"ecs.version.secur
ity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"error.reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.acknowledged\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"pa
rent\":\"event.dataset\"}}},{\"name\":\"event.dataset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.escalated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.kind.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.module.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.provider.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"event.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.compile_timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subT
ype\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.extracted.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.mime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,
\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.flavors.yara.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.machine.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mime_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.mimetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file
.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.orig_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.os.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":
\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.resp_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type
\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.scanners.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.section_names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_accessed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_changed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.times_modified.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.parent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"file.tree.root.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocV
alues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.password.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"ftp.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false
,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.hassh.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"has
h.ja3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.ja3s.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.md5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.sha256.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"hash.ssdeep.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":
{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\"
,\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.kernel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"na
me\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.changed_attributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.changed_attributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.changed_attributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.gname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.sysch
eck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.md5_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"nam
e\":\"host.syscheck.mode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.mtime_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.perm_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"str
ing\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha1_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.sha256_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.size_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid
_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"host.syscheck.uname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.info_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.method.secur
ity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.proxied.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.referrer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.useragent.security\",\"type\":\"string\",\"esT
ypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"http.virtual_host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"ingest.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"intel.indicator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator\"}}},{\"name\":\"intel.indicator_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.indicator_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.matched\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.matched.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.matched.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.seen_node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_where\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_where.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.seen_where.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.sources\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.sources.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"intel.sources.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.command.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.nickname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"irc.username.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.client_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.error_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.request_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos
.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.server_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerbe
ros.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"kerberos.ticket.valid.until.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.full.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.client_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false
,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":
\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.orig_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.resp_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.server_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFro
mDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.tunnel_parents.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.id.uids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":fal
se,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.location.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_log.security\",\"type\":\"string\",\"esTypes\":[\"tex
t\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"log.previous_output.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"manager.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchabl
e\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"modbus.function.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.response.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.community_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.data.decoded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"network.transport.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.note.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"read
FromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.peer_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.sub_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.dns.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDoc
Values\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.nb.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.server.tree.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{
\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"observer.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendarTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendarTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.calendarTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.codename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.day_of_month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osqu
ery.result.columns.day_of_month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_week\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_week.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.day_of_week.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.days.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.re
sult.columns.days\"}}},{\"name\":\"osquery.result.columns.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.hour\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hour.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hour.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hours\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hours.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.hours.security\",\"type\":\"string\",\"e
sTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.minute\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minute.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minute.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.minutes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":
false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.total_seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.endpoint_ip2.se
curity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hardware_serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hostIdentifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostIdentifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostIdentifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,
\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.live_query.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"ty
pe\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unixTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.args.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.cmd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cmd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.cmd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mult
i\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.egroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.egroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.egroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.euser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.euser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":
{\"parent\":\"process.euser\"}}},{\"name\":\"process.euser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.fgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.fgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.fgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.
name\"}}},{\"name\":\"process.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.nice\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nice.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nice.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nlwp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nlwp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.nlwp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":
\"process.parent.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.file_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string
\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.original_file_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pe.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pgrp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pgrp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pgrp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"t
ype\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.ppid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.priority.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.processor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.processor.keyword\",\"type\":\"string\",\"esTypes\":[\"keywor
d\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.processor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.resident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.resident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.resident.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.rgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.rgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.rgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.ruser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ruser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.ruser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.session\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.session.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.session.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.sgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.sgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.sgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.share\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.share.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.share.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.start_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.start_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.start_time.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.stime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.stime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.stime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.suser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.suser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.suser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.tgid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tgid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"pare
nt\":\"process.tgid\"}}},{\"name\":\"process.tgid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.utime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.utime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.utime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.vm_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.vm_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.vm_size.sec
urity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"process.working_directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.framed_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"mult
i\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"radius.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.certificate_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{
\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.client_build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.cookie.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.encryption_method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.keyboard_layout.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.requested_color_depth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rdp.security_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",
\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.attributes.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"k
eyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fal
se,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.filetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.filety
pe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.filetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gdpr.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.gpg13.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.groups.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hash1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hash1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hash1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.hipaa.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.info\",\"type\
":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.maltype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.maltype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.maltype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\
"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.affected_product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.attack_target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.created_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"e
sTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.deployment.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.former_category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.malware_family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.performance_impact.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.signature_severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.tag.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":f
alse,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.metadata.updated_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.mitre.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.tactic\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.tactic.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.tactic.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.technique\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.technique.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.mitre.technique.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.nist_800_53.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValu
es\":false,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.pci_dss.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.reference.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.reference.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.rule.security\",\"type\":\"string\",\"esTypes\
":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.ruleset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.ruleset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.tsc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.tsc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.tsc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"numbe
r\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.About.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.AppVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.Author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BitDepth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.BuildID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpa
ces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.CharacterSet.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.Characters.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes
\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodePage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.CodeSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.ColorType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.
exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.Comments.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen.security\",\"type\":\"string\",\"esTy
pes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.Company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.CompanyName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"
parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.Compression.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.CreateDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.Creator.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.CreatorTool.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[
\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.Directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.DocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.EntryPoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"pa
rent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.Error.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.ExifToolVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileAccessDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"]
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileDescription.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":
{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileFlagsMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.e
xiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FileOS.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FilePermissions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileSubtype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileT
ype\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileTypeExtension.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.FileVersionNumber.security\",\"type\":\"string\",
\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Filter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.Format.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}
},{\"name\":\"scan.exiftool.HasXFA.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HeadingPairs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageHeight.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFrom
DocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.ImageWidth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.InstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"nam
e\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.Interlace.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.InternalName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.Language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LanguageCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.Las
tModifiedBy.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalCopyright.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.LegalTrademarks.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Linearized.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.Lines.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinkerVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"s
can.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.LinksUpToDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MIMEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.MachineType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"te
xt\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.Megapixels.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.ModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.OSVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent
\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.ObjectFileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.OriginalFileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PDFVersion.security\",\"type\":\"st
ring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\
":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.PageCount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Pages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.Paragraphs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.PrivateBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.Producer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\"
:false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exift
ool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.ScaleCrop.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.Security.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.SharedDoc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.Software.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SourceFile.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Spec
ialBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.Subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SubsystemVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.SvnRevision.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.Template.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type
\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.TimeStamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.Title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TitleOfParts.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"agg
regatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.TotalEditTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.Trapped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftoo
l.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.Words.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.XMPToolkit.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable
\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.header.header.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":
\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.section.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.keys.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.ini.sections.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"pare
nt\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.mmbot.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.guid.security\",\"type\":\"s
tring\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.pdb.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.debug.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"
],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{
\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.string.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.character_set.security\"
,\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.file_info.var.language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe
.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.dll.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.head
er.characteristics.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.machine.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.dos.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"m
ulti\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.magic.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\",\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\
":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.imphash.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esT
ypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.language.sub.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.resources.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.characteristics.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.exported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.imported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.libraries.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.library.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\"
:\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.symbols.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.symbols.table.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapse
d\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.url.urls.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.functions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.operators.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.strings.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vb.tokens.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.auto_exec.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.base64.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.ioc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.suspicious.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.fingerprint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.serial_number.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name
\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.namespaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.tags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.xml.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.matches.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"server.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.call_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.content_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFr
omDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.request.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.re
sponse.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.response.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.seq.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth
\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"sip.warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.file_system.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues
\":false,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smb.share_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"s
mtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.cc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.first_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.helo.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.in_reply_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.last_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subTyp
e\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.mail_from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.message_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"s
mtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.recipient_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.second_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\
"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi
\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"smtp.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.community.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.display_string.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\
",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.up_since.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"snmp.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\
":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\
"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":f
alse,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"software.version.unparsed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subTyp
e\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\
"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.ciph
er_algorithm\"}}},{\"name\":\"ssh.cipher_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.client_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.compression_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.direction.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_server_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.hassh_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"coun
t\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.host_key_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.kex_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.mac_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.server_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\
",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues
\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.client.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{
\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.last_alert.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.next_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.server_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword
\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.validation_status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"ssl.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.facility.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity.keyword\",\"type\":\"string\"
,\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"syslog.severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"tunnel.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.escalated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}
}},{\"name\":\"weird.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"weird.peer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.activity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.api.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.channel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.computer_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.eventRecordID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventRecordID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventRecordID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventSourceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventSourceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.eventSourceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessList.keyword\",\"type\":\"string\",\"esT
ypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.AccessMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.Address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.AddressLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.Binary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocV
alues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.
event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DirtyPages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVa
lues\":false},{\"name\":\"winlog.event_data.DirtyPages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.DirtyPages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.FinalStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"na
me\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HandleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.HandleId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.Hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.HiveName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.HiveNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.ImageLoaded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\
"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.IntegrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.KeysUpdated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.KeysUpdated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.KeysUpdated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.LinkName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LinkName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LinkName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlo
g.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.LogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.NewSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewState\",\"type\":\"string\",\"es
Types\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewState.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.NewTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocV
alues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectServer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectServer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.ObjectType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name
\":\"winlog.event_data.OldTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OriginalSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OriginalSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.OriginalSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data
.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.PreviousTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\
"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.ProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.QueryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.Reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceAttributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":
{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceAttributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceManager\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceManager.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.ResourceManager.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.RuleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name
\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.Signature.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.SignatureStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.Signed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.e
vent_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SubjectUserSid.s
ecurity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TerminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TransactionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TransactionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.TransactionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"k
eyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.UtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.authenticationPackageName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.authenticationPackageName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.authenticationPackageName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.callerProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":
\"winlog.event_data.callerProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.callerProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.clientProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.clientProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.clientProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.countOfCredentialsReturned.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\
"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.creationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.creationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.creationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.data.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationIsIpv6.keywor
d\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationPortName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationPortName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.destinationPortName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.details\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.details.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.details.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":
\"winlog.event_data.elevatedToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.elevatedToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.elevatedToken.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.errorCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.eventType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.eventType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.eventType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.imagePath\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.imagePath.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.imagePath.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.impersonationLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.impersonationLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"s
ubType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.impersonationLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.initiated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.initiated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.initiated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.integrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.integrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.integrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.keyLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocVal
ues\":false},{\"name\":\"winlog.event_data.keyLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.keyLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.logonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_
data.logonProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.logonType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param10\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param10.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param10.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param11\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param11.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param11.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param16\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param16.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.e
vent_data.param16\"}}},{\"name\":\"winlog.event_data.param16.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param19\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param19.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param19.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param20\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param20.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param20.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param21\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param21.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param21.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param22\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param22.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param22.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param23\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDoc
Values\":false},{\"name\":\"winlog.event_data.param23.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param23.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param4.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"
string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param7.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"
subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param8.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param8.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param9\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param9.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.param9.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.privilegeList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.privilegeList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.privilegeList.security\",\"ty
pe\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.processCreationTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processCreationTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processCreationTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count
\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.processName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.queryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchabl
e\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.queryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.readOperation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.readOperation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.readOperation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false
,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.returnCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.returnCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.returnCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.ruleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ruleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.ruleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_
data.serviceGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.serviceType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.sourceIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.startType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.startType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.startType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.subjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectLogonId\",\"type\":\"string\",\"esTypes\":[
\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.subjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.targetDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLinkedLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetObject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetObject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetObject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.targetUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDo
cValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.terminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.terminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.terminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}
},{\"name\":\"winlog.event_data.updateGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.updateTitle.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.utcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.utcTime.k
eyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.utcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.virtualAccount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.virtualAccount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_data.virtualAccount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":
false,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.opcode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlo
g.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.processID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.processID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.processID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.providerGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.providerName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.provider_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.severityValue\",\"type\":\"string\",\
"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.severityValue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.severityValue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.systemTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.systemTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.systemTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.task.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.threadID\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.threadID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.threadID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.identifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",
\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":
{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\
"}}},{\"name\":\"winlog.user_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.user_data.xml_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi
\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.exponent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.algorithm.security\",\"type\":\"string\",\"esType
s\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.key.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"re
adFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.not_valid_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.signing_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509
.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"x509.san_dns.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"Push to TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'https://PLACEHOLDER/soctopus/thehive/case/' + 
doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"*:so-*"},"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njg3LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzY5Njg4LDRd"} 
@@ -460,7 +461,9 @@ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefNa
me\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - 
Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} +{% endraw -%} {"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":{{DASHBOARD.discover.sampleSize}},"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": 
\"now\"\n}"},"coreMigrationVersion":"7.13.4","id":"7.13.4","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} +{% raw -%} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log 
Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - 
Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} 
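Review bot: Taking the `config` object out of the raw block turns `"discover:sampleSize":{{DASHBOARD.discover.sampleSize}}` into a live Jinja expression, and its value is written unquoted into the JSON with nothing in this hunk constraining it to a number. If the value is unset, empty or a string, the rendered line stops being a valid saved object, or carries unintended content into the Kibana `config` object. The failure would presumably only show up when the objects are imported. I would coerce it where it is used, `"discover:sampleSize":{{ DASHBOARD.discover.sampleSize | int }}`, and confirm that wherever `DASHBOARD` is defined (not visible in this hunk) supplies a sane default. Limiting the un-escaped region to this one line with `{% endraw -%}` / `{% raw -%}` is the right scope, since the rest of the export stays inert to the template engine.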
@@ -731,3 +734,4 @@ {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwNDEyLDRd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\
":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - 
Strelka","version":1},"id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwNDEzLDRd"} {"exportedCount":732,"missingRefCount":0,"missingReferences":[]} +{% endraw -%} From f31dc5abc7c46b8c076adabc0275cd1a504a0543 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 09:49:59 -0400 Subject: [PATCH 221/266] Add learn to allowed states --- salt/allowed_states.map.jinja | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 12d8f99ec..1aa79474e 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -46,7 +46,8 @@ 'soctopus', 'tcpreplay', 'docker_clean', - 'logscsan' + 'logscsan', + 'learn' ], 'so-heavynode': [ 'ca', @@ -111,7 +112,8 @@ 'schedule', 'tcpreplay', 'docker_clean', - 'logscsan' + 'logscsan', + 'learn' ], 'so-manager': [ 'salt.master', 
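Review bot: The allowlist entry kept next to the new `'learn'` is spelled `'logscsan'`, both in this hunk and in the `@@ -111`, `@@ -131`, `@@ -151` and `@@ -184` hunks of `salt/allowed_states.map.jinja`. It looks like a misspelling of `logscan`; if so, the entry never matches a real state name, and because this map decides which states a node role may run, the line being touched anyway is the place to correct it, e.g. `'logscan',`. Whether a state is really named `logscsan` cannot be seen from the hunks, so confirm before changing it. Each role list starts and ends outside its hunk.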
@@ -131,7 +133,8 @@ 'schedule', 'soctopus', 'docker_clean', - 'logscsan' + 'logscsan', + 'learn' ], 'so-managersearch': [ 'salt.master', @@ -151,7 +154,8 @@ 'schedule', 'soctopus', 'docker_clean', - 'logscsan' + 'logscsan', + 'learn' ], 'so-node': [ 'ca', @@ -184,7 +188,8 @@ 'soctopus', 'tcpreplay', 'docker_clean', - 'logscsan' + 'logscsan', + 'learn' ], 'so-sensor': [ 'ca', From 8d56fc71fa6b242ceca2720dce2160bb108e1780 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 09:53:24 -0400 Subject: [PATCH 222/266] Fix jinja length calculation --- salt/learn/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/learn/init.sls b/salt/learn/init.sls index 581f3f073..a511c1074 100644 --- a/salt/learn/init.sls +++ b/salt/learn/init.sls @@ -3,7 +3,7 @@ {% set module_list = salt['pillar.get']('learn:modules', [] ) %} -{% if len(module_list) != 0 %}} +{% if module_list|length != 0 %}} include: {% for module in module_list %} - .{{ module }} From 455719936bdbffaef594c9744ab3f5c59e746a3d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 09:53:35 -0400 Subject: [PATCH 223/266] Uncomment required lines in so-learn --- salt/common/tools/sbin/so-learn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 8b5c2473f..a033c7db5 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -208,11 +208,11 @@ def main(): args = main_parser.parse_args(sys.argv[1:]) - # args.pillar = find_minion_pillar() + args.pillar = find_minion_pillar() - # args.pillar_dict = read_pillar(args.pillar) + args.pillar_dict = read_pillar(args.pillar) - # create_pillar_if_not_exist(args.pillar, args.pillar_dict) + create_pillar_if_not_exist(args.pillar, args.pillar_dict) if hasattr(args, 'func'): exit_code = args.func(args) From ead9ae8cb5578a905178c753277b64e597184cd9 Mon Sep 17 00:00:00 2001 
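Review bot: The rewritten condition in `salt/learn/init.sls` still ends in `%}}`, so a literal `}` is emitted after the tag closes and lands in the rendered state ahead of `include:` whenever the branch is taken. That stray character is likely to break YAML parsing of the state; the line should read `{% if module_list|length != 0 %}`. The same `%}}` is carried through the later edits of this line in the series. The enclosing `{% if sls in allowed_states %}` block continues outside the hunk.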
From: m0duspwnens Date: Wed, 28 Jul 2021 09:58:38 -0400 Subject: [PATCH 224/266] fix merge and defaults passed --- salt/kibana/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index fe10364cc..a23fc68cc 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -7,7 +7,7 @@ {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} {% import_yaml 'kibana/defaults.yaml' as default_settings %} -{% set KIBANA_SETTINGS = salt['pillar.get']('kibana', default=default_settings, merge=True) %} +{% set KIBANA_SETTINGS = salt['grains.filter_by'](default_settings, default='kibana', merge=salt['pillar.get']('kibana', {})) %} # Add ES Group kibanasearchgroup: @@ -102,7 +102,7 @@ kibanadashtemplate: - group: 939 - template: jinja - defaults: - DASHBOARD: {{ KIBANA_SETTINGS.kibana.dashboard }} + DASHBOARD: {{ KIBANA_SETTINGS.dashboard }} so-kibana-config-load: cmd.run: From e2abe8840f0b99c14910c512d6a95c96a0a55f8f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 10:12:19 -0400 Subject: [PATCH 225/266] Fix directory in logscan state --- salt/learn/logscan.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/learn/logscan.sls b/salt/learn/logscan.sls index 43318d81a..833c40bd2 100644 --- a/salt/learn/logscan.sls +++ b/salt/learn/logscan.sls @@ -20,7 +20,7 @@ logscan_conf_dir: logscan_conf: file.managed: - name: /opt/so/conf/logscan/logscan.conf - - source: salt://logscan/files/logscan.conf + - source: salt://learn/files/logscan.conf - user: 939 - group: 939 - mode: 600 From 91accb0bc666c179c014b7108a599184952c44a1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 10:12:32 -0400 Subject: [PATCH 226/266] [wip] Fixing so-learn script --- salt/common/tools/sbin/so-learn | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) 
diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index a033c7db5..4734b3fad 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -88,8 +88,12 @@ def write_pillar(pillar: str, content: dict): def create_pillar_if_not_exist(pillar:str, content: dict): if content.get('learn', {}).get('modules') is None: + content['learn'] = {} content['learn']['modules'] = learn_modules write_pillar(pillar, content) + + content.update() + return content def apply(module_list: List): @@ -99,7 +103,7 @@ def apply(module_list: List): print(f'Applying salt state for {module} module...') cmd = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) if cmd.returncode != 0: - print(f'[ERROR] Failed to apply salt state for {module}') + print(f'[ERROR] Failed to apply salt state for {module} module.') return_code = cmd.returncode return return_code @@ -135,13 +139,18 @@ def enable_disable_modules(args, enable: bool): write_needed = False for module in args.modules: if module in pillar_modules: - pillar_modules[module]['enabled'] = enable - write_needed = enable + if pillar_modules[module]['enabled'] == enable: + action_str = 'enabled' if enable else 'disabled' + print(f'{module} module already {action_str}.', file=sys.stderr) + else: + pillar_modules[module]['enabled'] = enable + write_needed = enable if write_needed: args.pillar_dict.update() write_pillar(args.pillarm, args.pillar_dict) - check_apply(args) + salt_proc = check_apply(args) + return salt_proc def enable_modules(args): @@ -155,8 +164,8 @@ def disable_modules(args): def list_modules(*_): print('Available ML modules:') for module in learn_modules: - print(f' - { module["name"] } : {module["description"]}') + return 0 def main(): 
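Review bot: In `create_pillar_if_not_exist`, the added `content['learn'] = {}` replaces the whole `learn` mapping whenever `modules` is absent, so any other keys already stored under `learn` in the minion pillar are dropped before the file is rewritten. The added `content.update()` takes no arguments and changes nothing. `content.setdefault('learn', {})['modules'] = learn_modules` keeps the existing keys, and the `update()` call can be removed. The later rewrite of this function in the series keeps both lines.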
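Review bot: In `enable_disable_modules`, `write_needed = enable` leaves the flag False on a disable request, so the changed `enabled` value is never written back to the pillar file. Set `write_needed = True` in the `else` branch instead. The following `write_pillar(args.pillarm, args.pillar_dict)` also reads an attribute that the visible code never sets (`args.pillar` is the one assigned in `main`), which would raise `AttributeError` on the enable path. The function starts outside the hunk.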
@@ -194,25 +203,18 @@ def main(): enable.add_argument('--apply', action='store_const', const=True, required=False, help=enable_apply_help) enable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) - disable = subparsers.add_parser('disable') disable.set_defaults(func=disable_modules) disable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) disable.add_argument('--apply', action='store_const', const=True, required=False, help=disable_apply_help) disable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) - - list = subparsers.add_parser('list') list.set_defaults(func=list_modules) args = main_parser.parse_args(sys.argv[1:]) - args.pillar = find_minion_pillar() - - args.pillar_dict = read_pillar(args.pillar) - - create_pillar_if_not_exist(args.pillar, args.pillar_dict) + args.pillar_dict = create_pillar_if_not_exist(args.pillar, read_pillar(args.pillar)) if hasattr(args, 'func'): exit_code = args.func(args) From cf9121dfc2015555ecaffdf9a8e1720b545f7b1e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 14:13:16 -0400 Subject: [PATCH 227/266] Actually download so-learn container --- salt/common/tools/sbin/so-image-common | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 9b6e2174a..ad16379bb 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -37,6 +37,7 @@ container_list() { "so-idstools" "so-kibana" "so-kratos" + "so-learn" "so-nginx" "so-pcaptools" "so-soc" @@ -58,6 +59,7 @@ container_list() { "so-influxdb" "so-kibana" "so-kratos" + "so-learn" "so-logstash" "so-mysql" "so-nginx" From 7ef5b39b048079d84fb29a930e21d937341b77da Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Wed, 28 Jul 2021 14:28:00 -0400 Subject: [PATCH 228/266] [wip] Fix `'Nonetype' object is not callable` error --- salt/common/tools/sbin/so-learn | 54 +++++++++++++++------------------ 1 file changed, 24 insertions(+), 30 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 4734b3fad..85b70730d 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -15,6 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +from typing import List import signal import sys @@ -23,12 +24,10 @@ import re import subprocess import argparse import textwrap -from typing import List - import yaml minion_pillar_dir = '/opt/so/saltstack/local/pillar/minions' -salt_proc = subprocess.CompletedProcess = None +salt_proc: subprocess.CompletedProcess = None # Temp store of modules, will likely be broken out into salt learn_modules = [ @@ -80,19 +79,21 @@ def read_pillar(pillar: str): def write_pillar(pillar: str, content: dict): try: with open(pillar, 'w') as f: - return yaml.dump(content, f, default_flow_style=False) + yaml.dump(content, f, default_flow_style=False, sort_keys=False) except: print(f'Could not open {pillar}', file=sys.stderr) sys.exit(3) def create_pillar_if_not_exist(pillar:str, content: dict): - if content.get('learn', {}).get('modules') is None: - content['learn'] = {} - content['learn']['modules'] = learn_modules - write_pillar(pillar, content) + pillar_dict = content + + if pillar_dict.get('learn', {}).get('modules') is None: + pillar_dict['learn'] = {} + pillar_dict['learn']['modules'] = learn_modules + content.update() + write_pillar(pillar, content) - content.update() return content 
@@ -100,11 +101,11 @@ def apply(module_list: List): return_code = 0 for module in module_list: salt_cmd = ['salt-call', 'state.apply', '-l', 'quiet', f'learn.{module}', 'queue=True'] - print(f'Applying salt state for {module} module...') - cmd = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) - if cmd.returncode != 0: - print(f'[ERROR] Failed to apply salt state for {module} module.') - return_code = cmd.returncode + print(f' Applying salt state for {module} module...') + salt_proc = subprocess.run(salt_cmd, stdout=subprocess.DEVNULL) + if salt_proc.returncode != 0: + print(f' [ERROR] Failed to apply salt state for {module} module.') + return_code = salt_proc.returncode return return_code @@ -113,18 +114,15 @@ def check_apply(args: dict): print('Configuration updated. Applying changes:') return apply(args.modules) else: - if not hasattr(args, 'yes'): - message = 'Configuration updated. Would you like to apply your changes now? (y/N) ' + message = 'Configuration updated. Would you like to apply your changes now? (y/N) ' + answer = input(message) + while answer.lower() not in [ 'y', 'n', '' ]: answer = input(message) - while answer.lower() not in [ 'y', 'n', '' ]: - answer = input(message) - if answer.lower() in [ 'n', '' ]: - return 0 - else: - print('Applying changes:') - return apply(args.modules) - else: + if answer.lower() in [ 'n', '' ]: return 0 + else: + print('Applying changes:') + return apply(args.modules) def enable_disable_modules(args, enable: bool): @@ -149,8 +147,8 @@ def enable_disable_modules(args, enable: bool): args.pillar_dict.update() write_pillar(args.pillarm, args.pillar_dict) - salt_proc = check_apply(args) - return salt_proc + cmd_ret = check_apply(args) + return cmd_ret def enable_modules(args): 
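Review bot: In `apply`, `salt_proc = subprocess.run(...)` binds a function-local name, so the module-level `salt_proc` declared near the imports stays `None`. If the SIGINT handler is meant to act on the running salt-call through that global (its body is outside the hunk), it never sees the process, and `subprocess.run` in any case returns only after the child has exited. Either declare `global salt_proc` and start the child with `subprocess.Popen` so there is a live handle to terminate, or drop the global and use a plain local such as `result`.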
@@ -175,8 +173,6 @@ def main(): enable_apply_help = apply_help.replace('ACTION', 'enabling') disable_apply_help = apply_help.replace('ACTION', 'disabling') - yes_help = 'Accept apply prompt.' - signal.signal(signal.SIGINT, sigint_handler) if os.geteuid() != 0: @@ -201,13 +197,11 @@ def main(): enable.set_defaults(func=enable_modules) enable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) enable.add_argument('--apply', action='store_const', const=True, required=False, help=enable_apply_help) - enable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) disable = subparsers.add_parser('disable') disable.set_defaults(func=disable_modules) disable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) disable.add_argument('--apply', action='store_const', const=True, required=False, help=disable_apply_help) - disable.add_argument('--yes', '-y', action='store_const', const=True, required=False, help=yes_help) list = subparsers.add_parser('list') list.set_defaults(func=list_modules) From dd0e407935f7992dbcff32cf7ba4f914224e20f0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Jul 2021 15:06:38 -0400 Subject: [PATCH 229/266] Use correct container name --- salt/common/tools/sbin/so-image-common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index ad16379bb..cea0f6507 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -37,7 +37,7 @@ container_list() { "so-idstools" "so-kibana" "so-kratos" - "so-learn" + "so-logscan" "so-nginx" "so-pcaptools" "so-soc" @@ -59,7 +59,7 @@ container_list() { "so-influxdb" "so-kibana" "so-kratos" - "so-learn" + "so-logscan" "so-logstash" "so-mysql" "so-nginx" From a42d8c922955b56ae99d5cd7aaf159708f4b1d74 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Wed, 28 Jul 2021 17:03:14 -0400 Subject: [PATCH 230/266] Fix Manager Search --- salt/elasticsearch/files/elasticsearch.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index bf5e7e2b4..518cd74e9 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -49,6 +49,16 @@ discovery.seed_hosts: - {{ SN.split('_')|first }} {%- endfor %} {%- endif %} + {%- elif grains.role == 'so-managersearch' %} + {%- if salt['pillar.get']('nodestab', {}) %} +node.roles: [ master, data, remote_cluster_client ] +discovery.seed_hosts: + - {{ grains.master }} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - {{ SN.split('_')|first }} + {%- endfor %} + {%- endif %} +node.attr.box_type: {{ NODE_ROUTE_TYPE }} {%- else %} node.roles: {{ NODE_ROLES }} node.attr.box_type: {{ NODE_ROUTE_TYPE }} From d4a177949ac5d9b2d3a2f87d69bc872297352971 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jul 2021 17:05:16 -0400 Subject: [PATCH 231/266] Fix Manager Search --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index b1fe67394..6061123a0 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -STENODOCKER +STENODOCKER MSEARCH From 8ed264460f828669207708df5fe787ab390c85cd Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 29 Jul 2021 10:45:35 -0400 Subject: [PATCH 232/266] Do not prompt about uppercased hostname during testing --- setup/so-whiptail | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 10d86ec2b..961924afa 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1851,6 +1851,9 @@ whiptail_suricata_pins() { # shellcheck disable=2120 whiptail_uppercase_warning() { + + [ -n "$TESTING" ] && return + local type=$1 local msg From 3fc43f7d9243760a4767be8d9563477b164404fa Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Thu, 29 Jul 2021 10:48:24 -0400 Subject: [PATCH 233/266] allow for adjustment to auto patch os schedule - https://github.com/Security-Onion-Solutions/securityonion/issues/4985 --- salt/patch/os/schedule.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/patch/os/schedule.sls b/salt/patch/os/schedule.sls index 4ad9a454e..01f1ad117 100644 --- a/salt/patch/os/schedule.sls +++ b/salt/patch/os/schedule.sls @@ -42,7 +42,7 @@ patch_os_schedule: - function: state.sls - job_args: - patch.os - - hours: 8 + - hours: {{ salt['pillar.get']('patch_os_pillar:hours', 8) }} - splay: {{splay}} - return_job: True From 5894b85bd1956f0656252e72a7049b23b733471b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 10:57:53 -0400 Subject: [PATCH 234/266] Remove broken yaml dump arg, rename metavars --- salt/common/tools/sbin/so-learn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 85b70730d..53e2b5020 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -79,7 +79,7 @@ def read_pillar(pillar: str): def write_pillar(pillar: str, content: dict): try: with open(pillar, 'w') as f: - yaml.dump(content, f, default_flow_style=False, sort_keys=False) + yaml.dump(content, f, default_flow_style=False) except: print(f'Could not open {pillar}', file=sys.stderr) sys.exit(3) 
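Review bot: The bare `except:` around `yaml.dump` in `write_pillar` reports every failure as `Could not open {pillar}`, which presumably is how the unsupported dump argument removed here showed up as a file error; it also swallows `KeyboardInterrupt` and `SystemExit`. Catch what opening and writing the file can raise and include the cause, e.g. `except OSError as e:` with `print(f'Could not write {pillar}: {e}', file=sys.stderr)`, and let other exceptions propagate. Because this file is the minion pillar written as root, a precise error matters when the write is refused or only partly done.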
@@ -195,12 +195,12 @@ def main(): enable = subparsers.add_parser('enable') enable.set_defaults(func=enable_modules) - enable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) + enable.add_argument('modules', metavar='ML_MODULE', nargs='+', help=module_help_str) enable.add_argument('--apply', action='store_const', const=True, required=False, help=enable_apply_help) disable = subparsers.add_parser('disable') disable.set_defaults(func=disable_modules) - disable.add_argument('modules', metavar='ML_MODULES', nargs='+', help=module_help_str) + disable.add_argument('modules', metavar='ML_MODULE', nargs='+', help=module_help_str) disable.add_argument('--apply', action='store_const', const=True, required=False, help=disable_apply_help) list = subparsers.add_parser('list') From 4b6120a46b2f00a1bafdbd0dc83c98c50a17f6d5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 29 Jul 2021 10:59:33 -0400 Subject: [PATCH 235/266] fix the hours get --- salt/patch/os/schedule.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/patch/os/schedule.sls b/salt/patch/os/schedule.sls index 01f1ad117..7e5b3d532 100644 --- a/salt/patch/os/schedule.sls +++ b/salt/patch/os/schedule.sls @@ -42,7 +42,7 @@ patch_os_schedule: - function: state.sls - job_args: - patch.os - - hours: {{ salt['pillar.get']('patch_os_pillar:hours', 8) }} + - hours: {{ patch_os_pillar.get('hours', 8) }} - splay: {{splay}} - return_job: True From f585eb6e624b73828f3b8fc70d2406befc5e91f9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jul 2021 11:08:03 -0400 Subject: [PATCH 236/266] 2.3.61-MSEARCH --- VERIFY_ISO.md | 22 +++++++++++----------- sigs/securityonion-2.3.61-MSEARCH.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.61-MSEARCH.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index ac6101ad1..3e807d21d 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,18 +1,18 @@ -### 2.3.61-STENODOCKER ISO image built on 2021/07/26 +### 2.3.61-MSEARCH ISO image built on 2021/07/26 ### Download and Verify -2.3.61-STENODOCKER ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso +2.3.61-MSEARCH ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.61-MSEARCH.iso -MD5: 10815F1F816E75BF15F331B39CB5EBEC -SHA1: 2D4F4ACA6FBA35563D76C1296A6A774FF73D67FD -SHA256: D9C927C07A2B29C0BD93B1349EB750D4E3CF7F553A14D3EF90593BA660936821 +MD5: D38450A6609A1DFF0E19482517B24275 +SHA1: DBCBD8F035FD875DC56307982A2480A62BCAB96D +SHA256: D7767AA10FE5D655E8502BDC9B8F963C5584DF8F72F26A5A997C1F2277D4F07E Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-MSEARCH.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-MSEARCH.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61-MSEARCH.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.61-STENODOCKER.iso.sig securityonion-2.3.61-STENODOCKER.iso +gpg --verify securityonion-2.3.61-MSEARCH.iso.sig securityonion-2.3.61-MSEARCH.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 26 Jul 2021 04:34:58 PM EDT using RSA key ID FE507013 +gpg: Signature made Wed 28 Jul 2021 05:27:35 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.61-MSEARCH.iso.sig b/sigs/securityonion-2.3.61-MSEARCH.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..52b3b7645cfa6becb3e3f223345a4104e36afbf7 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;9K%f|o;2@re`V7LBIa1&?%5C4AYFMku1Yb9^S`MLeh*2I)l3goS#SvxGa z2CW^Cn^50tDJkLs3=vKTW=_?d?MoM1%yz4$&<-sgx5Q=^5tmX|4r zo8rWWi}>XX%aG-kd#tXe=Je=&*BE7kTfKU^Y=N{DubAL;rTFUSW?$GXh4>!KZFU-E hECTlT^$VlGc=e#p&$q8RH=qhr-kba_1YiIF literal 0 HcmV?d00001 From 3d2da303c8f861447c0d7699cae4804451b20844 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Thu, 29 Jul 2021 11:09:27 -0400 Subject: [PATCH 237/266] 2.3.61-MSEARCH --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 3e807d21d..d3264ced0 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.3.61-MSEARCH ISO image built on 2021/07/26 +### 2.3.61-MSEARCH ISO image built on 2021/07/29 From 7591bb115e08fc8e32f1a52f6702e7f9dfbe8103 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jul 2021 11:09:54 -0400 Subject: [PATCH 238/266] 2.3.61-MSEARCH --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index d3264ced0..84c09fe06 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.3.61-MSEARCH ISO image built on 2021/07/29 +### 2.3.61-MSEARCH ISO image built on 2021/07/28 From 211a841cdbd397b61fea9cc096fcaf1c25ea99ac Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 11:40:19 -0400 Subject: [PATCH 239/266] Fix file path in bind mount for logscan --- salt/learn/logscan.sls | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/learn/logscan.sls b/salt/learn/logscan.sls index 833c40bd2..1e21e3b2a 100644 --- a/salt/learn/logscan.sls +++ b/salt/learn/logscan.sls @@ -1,7 +1,7 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% set logscan_cpu_period = salt['pillar.get']('logscan:cpu_period', 10000) %} +{% set logscan_cpu_period = salt['pillar.get']('learn:modules:logscan:cpu_period', 20000) %} logscan_data_dir: file.directory: @@ -24,7 +24,6 @@ logscan_conf: - user: 939 - group: 939 - mode: 600 - - template: jinja logscan_log_dir: file.directory: 
@@ -39,7 +38,7 @@ so-logscan: - name: so-logscan - binds: - /nsm/logscan/data:/logscan/data:rw - - /opt/so/conf/logscan.conf:/logscan/logscan.conf:ro + - /opt/so/conf/logscan/logscan.conf:/logscan/logscan.conf:ro - /opt/so/log/logscan:/logscan/output:rw - /opt/so/log:/logscan/logs:ro - cpu_period: {{ logscan_cpu_period }} From d53e989c55b5a222fb87fb88de00fb1c61f7ceab Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 11:52:10 -0400 Subject: [PATCH 240/266] Add ability to set cpu_period per module --- salt/common/tools/sbin/so-learn | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 53e2b5020..39004b052 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -25,14 +25,28 @@ import subprocess import argparse import textwrap import yaml +import multiprocessing minion_pillar_dir = '/opt/so/saltstack/local/pillar/minions' salt_proc: subprocess.CompletedProcess = None # Temp store of modules, will likely be broken out into salt -learn_modules = [ - { 'name': 'logscan', 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } -] +def get_learn_modules(): + return [ + { 'name': 'logscan', 'cpu_period': get_cpu_period(fraction=0.25), 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } + ] + + +def get_cpu_period(fraction: float): + multiplier = 10000 + + num_cores = multiprocessing.cpu_count() + if num_cores <= 2: + fraction = 1. + + num_used_cores = int(num_cores * fraction) + cpu_period = num_used_cores * multiplier + return cpu_period def sigint_handler(*_): 
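Review bot: `get_cpu_period` returns 0 on a three-core host, because `int(3 * 0.25)` truncates to 0 and only `num_cores <= 2` is special-cased. That 0 is then stored as the module's `cpu_period` in the pillar and rendered into the container definition. Clamp the core count with `num_used_cores = max(1, int(num_cores * fraction))`. Separately, the value scales with core count the way a CPU quota would, whereas a CFS period is normally a fixed interval paired with a quota, so it is worth confirming that setting `cpu_period` alone produces the intended limit.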
@@ -90,7 +104,7 @@ def create_pillar_if_not_exist(pillar:str, content: dict): if pillar_dict.get('learn', {}).get('modules') is None: pillar_dict['learn'] = {} - pillar_dict['learn']['modules'] = learn_modules + pillar_dict['learn']['modules'] = get_learn_modules() content.update() write_pillar(pillar, content) From 2560a9b78c3087f782a11486ba42a5979d797b81 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 11:58:58 -0400 Subject: [PATCH 241/266] [wip] Change learn:modules to dictionary --- salt/common/tools/sbin/so-learn | 6 +++--- salt/learn/init.sls | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 39004b052..e444bc442 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -32,9 +32,9 @@ salt_proc: subprocess.CompletedProcess = None # Temp store of modules, will likely be broken out into salt def get_learn_modules(): - return [ - { 'name': 'logscan', 'cpu_period': get_cpu_period(fraction=0.25), 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } - ] + return { + 'logscan': { 'cpu_period': get_cpu_period(fraction=0.25), 'enabled': False, 'description': 'Scan log files against pre-trained models to alert on anomalies.' } + } def get_cpu_period(fraction: float): diff --git a/salt/learn/init.sls b/salt/learn/init.sls index a511c1074..ee0b5e91b 100644 --- a/salt/learn/init.sls +++ b/salt/learn/init.sls @@ -1,12 +1,12 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} -{% set module_list = salt['pillar.get']('learn:modules', [] ) %} +{% set module_dict = salt['pillar.get']('learn:modules', [] ) %} {% if module_list|length != 0 %}} include: -{% for module in module_list %} - - .{{ module }} +{% for module, _ in module_dict %} + - 'learn.{{ module }}' {% endfor %} {% endif %} 
From e1785dbd9a74896ed92310d5f3a7f641773a8a89 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 12:00:53 -0400 Subject: [PATCH 242/266] Fix typo --- salt/common/tools/sbin/so-learn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index e444bc442..be5e6ee02 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -159,7 +159,7 @@ def enable_disable_modules(args, enable: bool): write_needed = enable if write_needed: args.pillar_dict.update() - write_pillar(args.pillarm, args.pillar_dict) + write_pillar(args.pillar, args.pillar_dict) cmd_ret = check_apply(args) return cmd_ret From c53da9b1fffc296490a72fd4c263c43747ec7db9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 12:04:40 -0400 Subject: [PATCH 243/266] Fix wrong variables in learn init.sls --- salt/learn/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/learn/init.sls b/salt/learn/init.sls index ee0b5e91b..32f8647b9 100644 --- a/salt/learn/init.sls +++ b/salt/learn/init.sls @@ -3,9 +3,9 @@ {% set module_dict = salt['pillar.get']('learn:modules', [] ) %} -{% if module_list|length != 0 %}} +{% if module_dict.items()|length != 0 %}} include: -{% for module, _ in module_dict %} +{% for module, _ in module_dict.items() %} - 'learn.{{ module }}' {% endfor %} {% endif %} From 44551ea9eeaf91aff80b54e7004f966e4ee241ac Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 13:31:48 -0400 Subject: [PATCH 244/266] Fix so-learn list --- salt/common/tools/sbin/so-learn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index be5e6ee02..9a307712b 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn 
@@ -175,8 +175,8 @@ def disable_modules(args): def list_modules(*_): print('Available ML modules:') - for module in learn_modules: - print(f' - { module["name"] } : {module["description"]}') + for module, details in get_learn_modules().items(): + print(f' - { module } : {details["description"]}') return 0 From 9e92f6da3d339f61b29a90fab498ed31af399e87 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 14:25:20 -0400 Subject: [PATCH 245/266] Add container to so-status when enabling/disabling ml module --- salt/common/tools/sbin/so-learn | 44 ++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 9a307712b..ea5a18b2c 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -28,6 +28,7 @@ import yaml import multiprocessing minion_pillar_dir = '/opt/so/saltstack/local/pillar/minions' +so_status_conf = '/opt/so/conf/so-status/so-status.conf' salt_proc: subprocess.CompletedProcess = None # Temp store of modules, will likely be broken out into salt @@ -79,8 +80,8 @@ def find_minion_pillar() -> str: def read_pillar(pillar: str): try: - with open(pillar, 'r') as f: - loaded_yaml = yaml.safe_load(f.read()) + with open(pillar, 'r') as pillar_file: + loaded_yaml = yaml.safe_load(pillar_file.read()) if loaded_yaml is None: print(f'Could not parse {pillar}', file=sys.stderr) sys.exit(3) 
@@ -92,13 +93,31 @@ def read_pillar(pillar: str): def write_pillar(pillar: str, content: dict): try: - with open(pillar, 'w') as f: - yaml.dump(content, f, default_flow_style=False) + with open(pillar, 'w') as pillar_file: + yaml.dump(content, pillar_file, default_flow_style=False) except: print(f'Could not open {pillar}', file=sys.stderr) sys.exit(3) +def mod_so_status(action: str, items: str): + with open(so_status_conf, 'a+') as conf: + conf.seek(0) + containers = conf.readlines() + + for item in items: + if f'so-{item}' in containers: + if action == 'remove': containers.remove(f'so-{item}') + if action == 'add': pass + else: + if action == 'remove': pass + if action == 'add': containers.append(f'so-{item}') + + conf.seek(0) + conf.truncate(0) + conf.writelines(containers) + + def create_pillar_if_not_exist(pillar:str, content: dict): pillar_dict = content @@ -141,21 +160,26 @@ def check_apply(args: dict): def enable_disable_modules(args, enable: bool): pillar_modules = args.pillar_dict.get('learn', {}).get('modules') + pillar_mod_names = args.pillar_dict.get('learn', {}).get('modules').keys() + action_str = 'add' if enable else 'remove' + if 'all' in args.modules: - for module in pillar_modules: - module['enabled'] = enable + for module, details in pillar_modules.items(): + details['enabled'] = enable + mod_so_status(action_str, module) args.pillar_dict.update() write_pillar(args.pillar, args.pillar_dict) else: write_needed = False for module in args.modules: - if module in pillar_modules: + if module in pillar_mod_names: if pillar_modules[module]['enabled'] == enable: - action_str = 'enabled' if enable else 'disabled' - print(f'{module} module already {action_str}.', file=sys.stderr) + state_str = 'enabled' if enable else 'disabled' + print(f'{module} module already {state_str}.', file=sys.stderr) else: pillar_modules[module]['enabled'] = enable + mod_so_status(action_str, module) write_needed = enable if write_needed: args.pillar_dict.update() 
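Review bot: mod_so_status is annotated `items: str` and loops `for item in items`, but the calls added to enable_disable_modules in the next hunk pass one module name, so the loop walks its characters and would add entries such as `so-l`; the calls added to enable_modules and disable_modules (hunk at -167,10) pass `args.modules`, which may contain `all`. The test `f'so-{item}' in containers` also never matches, because `readlines()` keeps the trailing newline on each entry, so `add` appends duplicates and `remove` does nothing. Taking a single name and comparing with the newline included fixes both: `def mod_so_status(action: str, item: str):` and `entry = f'so-{item}\n'`. The function truncates so-status.conf and rewrites it in place; if other tools read that file while so-learn runs, writing a temporary file and renaming it over the original would keep them from seeing an empty list.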
@@ -167,10 +191,12 @@ def enable_disable_modules(args, enable: bool): def enable_modules(args): enable_disable_modules(args, enable=True) + mod_so_status('add', args.modules) def disable_modules(args): enable_disable_modules(args, enable=False) + mod_so_status('remove', args.modules) def list_modules(*_): From e38219aa2e4b88f827aeccccc9bda6134f01b163 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 14:35:02 -0400 Subject: [PATCH 246/266] Fix learn init.sls typo --- salt/learn/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/learn/init.sls b/salt/learn/init.sls index 32f8647b9..51a3fc973 100644 --- a/salt/learn/init.sls +++ b/salt/learn/init.sls @@ -3,7 +3,7 @@ {% set module_dict = salt['pillar.get']('learn:modules', [] ) %} -{% if module_dict.items()|length != 0 %}} +{% if module_dict.items()|length != 0 %} include: {% for module, _ in module_dict.items() %} - 'learn.{{ module }}' From b30f771fa2166c77869f526a03f09cdb3acec650 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 14:59:26 -0400 Subject: [PATCH 247/266] Set write_needed flag correctly, include newline in so-status.conf string --- salt/common/tools/sbin/so-learn | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index ea5a18b2c..8103dc09b 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -106,12 +106,12 @@ def mod_so_status(action: str, items: str): containers = conf.readlines() for item in items: - if f'so-{item}' in containers: - if action == 'remove': containers.remove(f'so-{item}') + if f'so-{item}\n' in containers: + if action == 'remove': containers.remove(f'so-{item}\n') if action == 'add': pass else: if action == 'remove': pass - if action == 'add': containers.append(f'so-{item}') + if action == 'add': containers.append(f'so-{item}\n') conf.seek(0) conf.truncate(0) 
@@ -180,7 +180,7 @@ def enable_disable_modules(args, enable: bool): else: pillar_modules[module]['enabled'] = enable mod_so_status(action_str, module) - write_needed = enable + write_needed = True if write_needed: args.pillar_dict.update() write_pillar(args.pillar, args.pillar_dict) From ba265d94f45cbb7b2ec2440606d7d4ff72aee180 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 15:14:28 -0400 Subject: [PATCH 248/266] Change default value in learn init to a dict where approriate --- salt/learn/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/learn/init.sls b/salt/learn/init.sls index 51a3fc973..fb5b89802 100644 --- a/salt/learn/init.sls +++ b/salt/learn/init.sls @@ -1,7 +1,7 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} -{% set module_dict = salt['pillar.get']('learn:modules', [] ) %} +{% set module_dict = salt['pillar.get']('learn:modules', {} ) %} {% if module_dict.items()|length != 0 %} include: From b2a83018ba0fe44d77af77b57415264ac19f1a4b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Jul 2021 15:14:54 -0400 Subject: [PATCH 249/266] Remove or run logscan based on enabled bool --- salt/learn/logscan.sls | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/salt/learn/logscan.sls b/salt/learn/logscan.sls index 1e21e3b2a..cc8bb2996 100644 --- a/salt/learn/logscan.sls +++ b/salt/learn/logscan.sls @@ -2,6 +2,14 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set logscan_cpu_period = salt['pillar.get']('learn:modules:logscan:cpu_period', 20000) %} +{% set enabled = salt['pillar.get']('learn:modules:logscan:enabled', False) %} + +{% if enabled %} + {% set container_action = 'running' %} +{% else %} + {% set container_action = 'absent'%} +{% endif %} + logscan_data_dir: file.directory: 
@@ -32,7 +40,8 @@ logscan_log_dir: - group: 939 so-logscan: - docker_container.running: + docker_container.{{ container_action }}: + {% if container_action == 'running' %} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logscan:{{ VERSION }} - hostname: logscan - name: so-logscan @@ -42,3 +51,6 @@ so-logscan: - /opt/so/log/logscan:/logscan/output:rw - /opt/so/log:/logscan/logs:ro - cpu_period: {{ logscan_cpu_period }} + {% else %} + - force: true + {% endif %} From d71967ea1db09c37cc25b2e7e4304219321a2bdb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 30 Jul 2021 10:28:39 -0400 Subject: [PATCH 250/266] Fix incorrect writing of so-status.conf --- salt/common/tools/sbin/so-learn | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 8103dc09b..815d78ebf 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn @@ -100,7 +100,7 @@ def write_pillar(pillar: str, content: dict): sys.exit(3) -def mod_so_status(action: str, items: str): +def mod_so_status(action: str, items: List): with open(so_status_conf, 'a+') as conf: conf.seek(0) containers = conf.readlines() @@ -112,6 +112,8 @@ def mod_so_status(action: str, items: str): else: if action == 'remove': pass if action == 'add': containers.append(f'so-{item}\n') + + [containers.remove(c_name) for c_name in containers if c_name == '\n'] # remove extra newlines conf.seek(0) conf.truncate(0) From 01bb94514c32eb390f3e107f1fb71c8cd32e7dcb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 30 Jul 2021 11:05:48 -0400 Subject: [PATCH 251/266] Correct mod_so_status to only act on single string --- salt/common/tools/sbin/so-learn | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/salt/common/tools/sbin/so-learn b/salt/common/tools/sbin/so-learn index 815d78ebf..f4a8ef90e 100644 --- a/salt/common/tools/sbin/so-learn +++ b/salt/common/tools/sbin/so-learn 
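Review bot: The new annotation `items: List` in the signature of mod_so_status uses a name that none of the import lines visible on this page bring into scope (the context shows `subprocess`, `argparse`, `textwrap`, `yaml` and `multiprocessing`). If `List` is not imported from `typing` higher up in the file, the `def` line raises NameError when so-learn is loaded, because the annotation is evaluated at definition time. The builtin needs no import: `def mod_so_status(action: str, items: list):`.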
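Review bot: The added cleanup `[containers.remove(c_name) for c_name in containers if c_name == '\n']` removes elements from the list it is iterating, so after each removal the iterator skips the following element and two consecutive blank lines leave one behind. It also builds a list only for its side effect. Rebuilding the list is safe and shorter: `containers = [c_name for c_name in containers if c_name != '\n']`. The function starts before and continues after this hunk.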
@@ -100,18 +100,18 @@ def write_pillar(pillar: str, content: dict): sys.exit(3) -def mod_so_status(action: str, items: List): +def mod_so_status(action: str, item: str): with open(so_status_conf, 'a+') as conf: conf.seek(0) containers = conf.readlines() - - for item in items: - if f'so-{item}\n' in containers: - if action == 'remove': containers.remove(f'so-{item}\n') - if action == 'add': pass - else: - if action == 'remove': pass - if action == 'add': containers.append(f'so-{item}\n') + + if f'so-{item}\n' in containers: + if action == 'remove': containers.remove(f'so-{item}\n') + if action == 'add': pass + else: + if action == 'remove': pass + if action == 'add': containers.append(f'so-{item}\n') + [containers.remove(c_name) for c_name in containers if c_name == '\n'] # remove extra newlines @@ -193,12 +193,10 @@ def enable_disable_modules(args, enable: bool): def enable_modules(args): enable_disable_modules(args, enable=True) - mod_so_status('add', args.modules) def disable_modules(args): enable_disable_modules(args, enable=False) - mod_so_status('remove', args.modules) def list_modules(*_): From b9980c9d30e547f5ae32e8e8afe15f89f5e78932 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 30 Jul 2021 13:09:09 -0400 Subject: [PATCH 252/266] Fix pipeline name --- .../logstash/pipelines/config/so/9800_output_logscan.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja index a1c621484..38ee29b69 100644 --- a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -10,7 +10,7 @@ output { if [module] =~ "logscan" { elasticsearch { id => "logscan_pipeline" - pipeline => "%{module}" + pipeline => "logscan" hosts => "{{ ES }}" {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} user => "{{ ES_USER }}" 
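Review bot: The test `f'so-{item}\n' in containers` assumes every line from `readlines()` ends in a newline, but the last line has none when so-status.conf was saved without a trailing newline. In that case an existing last entry is not recognised, and `writelines` glues the appended entry onto it, giving one line such as `so-fooso-logscan` (constructed example). Normalising on read and on write avoids this: `containers = [line.strip() for line in conf if line.strip()]`, compare against `f'so-{item}'`, and write `'\n'.join(containers) + '\n'`; that also makes the blank-line cleanup unnecessary. The write-back lines of the function are outside this hunk.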
From 33bd6aed20d42d941ed08cd1b83cea4b34c5aceb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 30 Jul 2021 14:41:15 -0400 Subject: [PATCH 253/266] Fix logscan pipeline on eval * Rename logscan pipeline to logscan.alert * Add module to indices array in filebeat.yml --- salt/elasticsearch/files/ingest/{logscan => logscan.alert} | 0 salt/filebeat/etc/filebeat.yml | 3 +++ .../pipelines/config/so/9800_output_logscan.conf.jinja | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) rename salt/elasticsearch/files/ingest/{logscan => logscan.alert} (100%) diff --git a/salt/elasticsearch/files/ingest/logscan b/salt/elasticsearch/files/ingest/logscan.alert similarity index 100% rename from salt/elasticsearch/files/ingest/logscan rename to salt/elasticsearch/files/ingest/logscan.alert diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index f5ba5dc74..3c482e274 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -307,6 +307,9 @@ output.elasticsearch: - index: "so-strelka" when.contains: module: "strelka" + - index: "so-logscan" + when.contains: + module: "logscan" setup.template.enabled: false {%- else %} diff --git a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja index 38ee29b69..86944d155 100644 --- a/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja +++ b/salt/logstash/pipelines/config/so/9800_output_logscan.conf.jinja @@ -10,7 +10,7 @@ output { if [module] =~ "logscan" { elasticsearch { id => "logscan_pipeline" - pipeline => "logscan" + pipeline => "logscan.alert" hosts => "{{ ES }}" {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} user => "{{ ES_USER }}" From 2a6277c0c3bfab781799cd685ae99396011eca1d Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Fri, 30 Jul 2021 15:46:39 -0400 Subject: [PATCH 254/266] Fix field names in logscan pipeline --- salt/elasticsearch/files/ingest/logscan.alert | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/salt/elasticsearch/files/ingest/logscan.alert b/salt/elasticsearch/files/ingest/logscan.alert index 3a3debabc..88772c16c 100644 --- a/salt/elasticsearch/files/ingest/logscan.alert +++ b/salt/elasticsearch/files/ingest/logscan.alert 
@@ -11,12 +11,14 @@ { "remove": { "field": "start_time", "ignore_missing": true } }, { "remove": { "field": "end_time", "ignore_missing": true } }, { "rename": { "field": "source_ip", "target_field": "source.ip", "ignore_missing": true } }, - { "append": { "field": "logsscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, - { "rename": { "field": "source_ips", "target_field": "logscan.source.ips", "ignore_missing": true } }, - { "set": { "if": "ctx.model == 'kff'", "field": "rule.name", "value": "LOGSCAN KFF MODEL THRESHOLD" } }, - { "set": { "if": "ctx.model == 'kff'", "field": "rule.description", "value": "High ratio of login failures in 5 minute window" } }, - { "set": { "if": "ctx.model == 'kl'", "field": "rule.name", "value": "LOGSCAN KL MODEL THRESHOLD" } }, - { "set": { "if": "ctx.model == 'kl'", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, + { "append": { "field": "logscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, + { "rename": { "field": "top_source_ips", "target_field": "logscan.source.ips", "ignore_missing": true } }, + { "set": { "if": "ctx.model == 'k1'", "field": "rule.name", "value": "LOGSCAN K1 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k1'", "field": "rule.description", "value": "High number of logins from single IP in 1 minute window" } }, + { "set": { "if": "ctx.model == 'k5'", "field": "rule.name", "value": "LOGSCAN K5 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k5'", "field": "rule.description", "value": "High ratio of login failures from single IP in 5 minute window" } }, + { "set": { "if": "ctx.model == 'k60'", "field": "rule.name", "value": "LOGSCAN K60 MODEL THRESHOLD" } }, + { "set": { "if": "ctx.model == 'k60'", "field": "rule.description", "value": "Large number of login failures in 1 hour window" } }, { "rename": { "field": "model", "target_field": "logscan.model" } }, { "rename": { "field": "num_attempts", 
"target_field": "logscan.attempts.total.amount", "ignore_missing": true } }, { "rename": { "field": "num_failed", "target_field": "logscan.attempts.failed.amount", "ignore_missing": true } }, From 4f39cd1d7f80516134e6b603b82c35cafb3d07df Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 30 Jul 2021 16:02:02 -0400 Subject: [PATCH 255/266] Add logscan dynamic object to so-common template mappings --- salt/elasticsearch/templates/so/so-common-template.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json index 8afac271c..777bf3f53 100644 --- a/salt/elasticsearch/templates/so/so-common-template.json +++ b/salt/elasticsearch/templates/so/so-common-template.json @@ -313,6 +313,10 @@ "type":"object", "dynamic": true }, + "logscan": { + "type": "object", + "dynamic": true + }, "manager":{ "type":"object", "dynamic": true From 8a49039b854749ab6f76635cf4eeb35bb092c579 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Aug 2021 09:50:49 -0400 Subject: [PATCH 256/266] Only append source.ip to logscan.source.ips if it's been created --- salt/elasticsearch/files/ingest/logscan.alert | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/logscan.alert b/salt/elasticsearch/files/ingest/logscan.alert index 88772c16c..7473060a7 100644 --- a/salt/elasticsearch/files/ingest/logscan.alert +++ b/salt/elasticsearch/files/ingest/logscan.alert 
@@ -11,8 +11,8 @@ { "remove": { "field": "start_time", "ignore_missing": true } }, { "remove": { "field": "end_time", "ignore_missing": true } }, { "rename": { "field": "source_ip", "target_field": "source.ip", "ignore_missing": true } }, - { "append": { "field": "logscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, { "rename": { "field": "top_source_ips", "target_field": "logscan.source.ips", "ignore_missing": true } }, + { "append": { "if": "ctx.source != null", "field": "logscan.source.ips", "value": "{{{source.ip}}}", "ignore_failure": true } }, { "set": { "if": "ctx.model == 'k1'", "field": "rule.name", "value": "LOGSCAN K1 MODEL THRESHOLD" } }, { "set": { "if": "ctx.model == 'k1'", "field": "rule.description", "value": "High number of logins from single IP in 1 minute window" } }, { "set": { "if": "ctx.model == 'k5'", "field": "rule.name", "value": "LOGSCAN K5 MODEL THRESHOLD" } }, From 757091beeb6573d73df6aca44130f4c0d39b9817 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Aug 2021 10:35:39 -0400 Subject: [PATCH 257/266] Add log_level to logscan.conf --- salt/learn/files/logscan.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/learn/files/logscan.conf b/salt/learn/files/logscan.conf index 9b3df8027..d7aa30734 100644 --- a/salt/learn/files/logscan.conf +++ b/salt/learn/files/logscan.conf @@ -1,6 +1,7 @@ [global] ts_format = iso8601 scan_interval = 30s +log_level = info [kratos] log_path = kratos/kratos.log From d3b170c6df21c0ba9a00b41928aa613a804a5122 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Aug 2021 12:37:37 -0400 Subject: [PATCH 258/266] Add logscan automation file + fix enable command in setup --- setup/automation/standalone-iso-logscan | 77 +++++++++++++++++++++++++ setup/so-setup | 2 +- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 setup/automation/standalone-iso-logscan 
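Review bot: The guard added to the append processor, `"if": "ctx.source != null"`, checks only that a `source` object exists, not that it carries an `ip`. If a document has some other `source.*` field but no `source.ip`, the template `{{{source.ip}}}` presumably renders as an empty string and that empty value is appended to `logscan.source.ips`; `ignore_failure` does not help because nothing fails. Testing the field itself is tighter: `"if": "ctx.source?.ip != null"`.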
diff --git a/setup/automation/standalone-iso-logscan b/setup/automation/standalone-iso-logscan
new file mode 100644
index 000000000..d83ad73db
--- /dev/null
+++ b/setup/automation/standalone-iso-logscan
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+LEARN_LOGSCAN_ENABLE=true
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
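Review bot: Every credential in this new automation file is a fixed value committed to the repository (`ADMINPASS1`, `SOREMOTEPASS1`, `WEBPASSWD1`) and `ALLOW_CIDR=0.0.0.0/0` opens access to any address, yet apart from `TESTING=true` nothing in the file says it is meant for test runs only. A comment under the licence block would make the intent explicit, for example `# Test automation only: fixed credentials and an open ALLOW_CIDR; not for real deployments.`. It would also help to note there that `LEARN_LOGSCAN_ENABLE=true` is the setting this file exists to exercise.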
diff --git a/setup/so-setup b/setup/so-setup index bfca9b2bd..958d8aea1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -965,7 +965,7 @@ else if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then set_progress_str 99 'Enabling logscan' - so-learn enable logscan --apply -y >> $setup_log 2>&1 + so-learn enable logscan --apply >> $setup_log 2>&1 fi } | whiptail_gauge_post_setup "Running post-installation steps..." From 19816d8814f251969602deac65745ce513c22d43 Mon Sep 17 00:00:00 2001 
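Review bot: The guard around the changed line, `[[ -n $LEARN_LOGSCAN_ENABLE ]]`, is true for any non-empty value, so an automation file that sets `LEARN_LOGSCAN_ENABLE=false` would still enable logscan. Comparing the value matches the `LEARN_LOGSCAN_ENABLE=true` that this commit adds to standalone-iso-logscan: `if [[ $LEARN_LOGSCAN_ENABLE == true ]]; then`. The exit status of `so-learn enable logscan --apply` is also discarded, so a failed enable is visible only in `$setup_log`. The enclosing block starts and ends outside the hunk.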
From: Jason Ertel Date: Mon, 2 Aug 2021 17:55:27 -0400 Subject: [PATCH 259/266] Condense cloud automations --- ...azure-manager => distribute-cloud-manager} | 0 setup/automation/distributed-ami-manager | 76 ------------------ setup/automation/distributed-azure-search | 78 ------------------- setup/automation/distributed-azure-sensor | 78 ------------------- ...ed-ami-search => distributed-cloud-search} | 0 ...ed-ami-sensor => distributed-cloud-sensor} | 0 setup/automation/eval-ami | 76 ------------------ setup/automation/{eval-azure => eval-cloud} | 0 setup/automation/import-ami | 76 ------------------ .../automation/{import-azure => import-cloud} | 0 setup/automation/standalone-ami | 76 ------------------ .../{standalone-azure => standalone-cloud} | 0 12 files changed, 460 deletions(-) rename setup/automation/{distributed-azure-manager => distribute-cloud-manager} (100%) delete mode 100644 setup/automation/distributed-ami-manager delete mode 100644 setup/automation/distributed-azure-search delete mode 100644 setup/automation/distributed-azure-sensor rename setup/automation/{distributed-ami-search => distributed-cloud-search} (100%) rename setup/automation/{distributed-ami-sensor => distributed-cloud-sensor} (100%) delete mode 100644 setup/automation/eval-ami rename setup/automation/{eval-azure => eval-cloud} (100%) delete mode 100644 setup/automation/import-ami rename setup/automation/{import-azure => import-cloud} (100%) delete mode 100644 setup/automation/standalone-ami rename setup/automation/{standalone-azure => standalone-cloud} (100%) diff --git a/setup/automation/distributed-azure-manager b/setup/automation/distribute-cloud-manager similarity index 100% rename from setup/automation/distributed-azure-manager rename to setup/automation/distribute-cloud-manager diff --git a/setup/automation/distributed-ami-manager b/setup/automation/distributed-ami-manager deleted file mode 100644 index 6f5fb93dc..000000000 
--- a/setup/automation/distributed-ami-manager
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-GRAFANA=1
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-manager
-install_type=MANAGER
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
-REDIRECTINFO=OTHER
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-azure-search b/setup/automation/distributed-azure-search
deleted file mode 100644
index 7e7a82291..000000000
--- a/setup/automation/distributed-azure-search
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-#ALLOW_CIDR=0.0.0.0/0
-#ALLOW_ROLE=a
-#BASICZEEK=7
-#BASICSURI=7
-# BLOGS=
-#BNICS=ens6
-#ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-#GRAFANA=1
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-search
-install_type=SEARCHNODE
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-#MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.99.1.20
-# MTU=
-#NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-#OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-#PLAYBOOK=1
-# REDIRECTHOST=
-#REDIRECTINFO=HOSTNAME
-#RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-#STRELKA=1
-#THEHIVE=1
-#WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
\ No newline at end of file
diff --git a/setup/automation/distributed-azure-sensor b/setup/automation/distributed-azure-sensor
deleted file mode 100644
index fc12774b3..000000000
--- a/setup/automation/distributed-azure-sensor
+++ /dev/null
@@ -1,78 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -#ALLOW_CIDR=0.0.0.0/0 -#ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -#GRAFANA=1 -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=distributed-sensor -install_type=SENSOR -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -#MANAGERADV=BASIC -MANAGERUPDATES=1 -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -MSRV=distributed-manager -MSRVIP=10.99.1.20 -# MTU= -#NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -#NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -#OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -#PLAYBOOK=1 -# REDIRECTHOST= -#REDIRECTINFO=HOSTNAME -#RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT=0 -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -#STRELKA=1 -#THEHIVE=1 -#WAZUH=1 -# WEBUSER=onionuser@somewhere.invalid -# WEBPASSWD1=0n10nus3r -# WEBPASSWD2=0n10nus3r \ No newline at end of file 
diff --git a/setup/automation/distributed-ami-search b/setup/automation/distributed-cloud-search similarity index 100% rename from setup/automation/distributed-ami-search rename to setup/automation/distributed-cloud-search diff --git a/setup/automation/distributed-ami-sensor b/setup/automation/distributed-cloud-sensor similarity index 100% rename from setup/automation/distributed-ami-sensor rename to setup/automation/distributed-cloud-sensor diff --git a/setup/automation/eval-ami b/setup/automation/eval-ami deleted file mode 100644 index ac8e42728..000000000 --- a/setup/automation/eval-ami +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -GRAFANA=1 -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=eval-aws -install_type=EVAL -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) -REDIRECTINFO=OTHER -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=1 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/eval-azure b/setup/automation/eval-cloud similarity index 100% rename from setup/automation/eval-azure rename to setup/automation/eval-cloud 
diff --git a/setup/automation/import-ami b/setup/automation/import-ami deleted file mode 100644 index 039e9caee..000000000 --- a/setup/automation/import-ami +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -#BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# GRAFANA=1 -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=import -install_type=IMPORT -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -# OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -# PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) -REDIRECTINFO=OTHER -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -# SOREMOTEPASS1=onionuser -# SOREMOTEPASS2=onionuser -STRELKA=1 -# THEHIVE=1 -# WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r 
diff --git a/setup/automation/import-azure b/setup/automation/import-cloud similarity index 100% rename from setup/automation/import-azure rename to setup/automation/import-cloud diff --git a/setup/automation/standalone-ami b/setup/automation/standalone-ami deleted file mode 100644 index c006b28fb..000000000 --- a/setup/automation/standalone-ami +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -GRAFANA=1 -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=standalone-aws -install_type=STANDALONE -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) -REDIRECTINFO=OTHER -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=1 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r 
diff --git a/setup/automation/standalone-azure b/setup/automation/standalone-cloud similarity index 100% rename from setup/automation/standalone-azure rename to setup/automation/standalone-cloud From f88fa6e3b238b63ad64c00e1ad742dcf56662f79 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 2 Aug 2021 21:51:26 -0400 Subject: [PATCH 260/266] Condense cloud automations --- setup/automation/distribute-cloud-manager | 76 ----------------------- 1 file changed, 76 deletions(-) delete mode 100644 setup/automation/distribute-cloud-manager diff --git a/setup/automation/distribute-cloud-manager b/setup/automation/distribute-cloud-manager deleted file mode 100644 index b9e26beac..000000000 --- a/setup/automation/distribute-cloud-manager +++ /dev/null 
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-GRAFANA=1
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-manager
-install_type=MANAGER
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-REDIRECTHOST=$(cat /root/public_ip)
-REDIRECTINFO=OTHER
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
From eb093b8e6c454b32916829d8abe53c173ed8a2e4 Mon Sep 17 00:00:00 2001
From: Jason Ertel Date: Mon, 2 Aug 2021 21:52:42 -0400 Subject: [PATCH 261/266] Condense cloud automations --- setup/automation/distributed-cloud-manager | 76 ++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 setup/automation/distributed-cloud-manager diff --git a/setup/automation/distributed-cloud-manager b/setup/automation/distributed-cloud-manager new file mode 100644 index 000000000..b9e26beac --- /dev/null +++ b/setup/automation/distributed-cloud-manager 
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+#BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-manager
+install_type=MANAGER
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+REDIRECTHOST=$(cat /root/public_ip)
+REDIRECTINFO=OTHER
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=0
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
From ee176f5bfd9063b974b247567441c25c746118c5 Mon Sep 17 00:00:00 2001
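Review bot: `ADMINPASS1=onionuser`, `SOREMOTEPASS1=onionuser` and `WEBPASSWD1=0n10nus3r` are fixed, guessable credentials, and `ALLOW_CIDR=0.0.0.0/0` with `ALLOW_ROLE=a` appears to admit that role from any source address, which matters more for a manager answer file aimed at cloud hosts than for a lab VM. `TESTING=true` is the only hint in the file that these values are for automated test installs. I would add a header comment such as `# Test automation only: default credentials and ALLOW_CIDR=0.0.0.0/0; do not reuse on a reachable deployment`, and narrow `ALLOW_CIDR` to the test network if the setup flow allows it. `REDIRECTHOST=$(cat /root/public_ip)` also evaluates to an empty string when that file is missing, so whatever consumes this file should check the value before using it.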
From: Jason Ertel Date: Tue, 3 Aug 2021 07:40:50 -0400 Subject: [PATCH 262/266] Condense cloud automations --- setup/automation/eval-cloud | 2 +- setup/automation/standalone-cloud | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/automation/eval-cloud b/setup/automation/eval-cloud index 2e9a69784..87994dad2 100644 --- a/setup/automation/eval-cloud +++ b/setup/automation/eval-cloud @@ -34,7 +34,7 @@ GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit -HOSTNAME=eval-aws +HOSTNAME=eval install_type=EVAL # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= diff --git a/setup/automation/standalone-cloud b/setup/automation/standalone-cloud index 28bb2ae87..94fc26cbb 100644 --- a/setup/automation/standalone-cloud +++ b/setup/automation/standalone-cloud @@ -34,7 +34,7 @@ GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit -HOSTNAME=standalone-aws +HOSTNAME=standalone install_type=STANDALONE # LSINPUTBATCHCOUNT= # LSINPUTTHREADS= From 25bf25eae68528e8148ca709548214cc274d1c8e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Aug 2021 15:24:32 -0400 Subject: [PATCH 263/266] Allowed states remove typo'd logscan --- salt/allowed_states.map.jinja | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 1aa79474e..f5f77d8f3 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -46,7 +46,6 @@ 'soctopus', 'tcpreplay', 'docker_clean', - 'logscsan', 'learn' ], 'so-heavynode': [ @@ -78,7 +77,7 @@ 'schedule', 'tcpreplay', 'docker_clean', - 'logscsan' + 'learn' ], 'so-fleet': [ 'ca', @@ -112,7 +111,6 @@ 'schedule', 'tcpreplay', 'docker_clean', - 'logscsan', 'learn' ], 'so-manager': [ @@ -133,7 +131,6 @@ 'schedule', 'soctopus', 'docker_clean', - 'logscsan', 'learn' ], 'so-managersearch': [ 
@@ -154,7 +151,6 @@ 'schedule', 'soctopus', 'docker_clean', - 'logscsan', 'learn' ], 'so-node': [ @@ -188,7 +184,6 @@ 'soctopus', 'tcpreplay', 'docker_clean', - 'logscsan', 'learn' ], 'so-sensor': [ From 9e5d3aa28675155cf10d7fb26ad95a574607f16c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Aug 2021 15:25:53 -0400 Subject: [PATCH 264/266] Fix removed root check in so-rule --- salt/common/tools/sbin/so-rule | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-rule b/salt/common/tools/sbin/so-rule index bbb916807..bd1556f58 100755 --- a/salt/common/tools/sbin/so-rule +++ b/salt/common/tools/sbin/so-rule @@ -349,7 +349,9 @@ def sigint_handler(*_): def main(): signal.signal(signal.SIGINT, sigint_handler) - + if os.geteuid() != 0: + print('You must run this script as root', file=sys.stderr) + sys.exit(1) apply_help='After updating rule configuration, apply the idstools state.' From ef59cb47dd22c700a9c6103aeb8c2d2b90979b0f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Aug 2021 15:26:57 -0400 Subject: [PATCH 265/266] Use print_err function --- salt/common/tools/sbin/so-rule | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-rule b/salt/common/tools/sbin/so-rule index bd1556f58..07d6cd2cc 100755 --- a/salt/common/tools/sbin/so-rule +++ b/salt/common/tools/sbin/so-rule @@ -350,7 +350,7 @@ def main(): signal.signal(signal.SIGINT, sigint_handler) if os.geteuid() != 0: - print('You must run this script as root', file=sys.stderr) + print_err('You must run this script as root') sys.exit(1) apply_help='After updating rule configuration, apply the idstools state.' From 2bc88e77507ea09ec317ce4e7d9b53040ac006df Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Aug 2021 15:29:37 -0400 Subject: [PATCH 266/266] Remove learn from allowed states for helixsensor --- salt/allowed_states.map.jinja | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
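Review bot: The root check added at the top of `main()` in so-rule runs before any argument handling, so if the parser is built further down, as the `apply_help` line right after it suggests, `so-rule --help` also stops with "You must run this script as root" for an unprivileged user. Moving the `if os.geteuid() != 0:` test to just after the arguments are parsed would keep usage output available while still refusing to change rule configuration without root. `main()` continues outside the hunk, so the parser placement is inferred and should be confirmed against the full file.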
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index f5f77d8f3..a51ea434b 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -76,8 +76,7 @@ 'logstash', 'schedule', 'tcpreplay', - 'docker_clean', - 'learn' + 'docker_clean' ], 'so-fleet': [ 'ca',