CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 02:32:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

beginning of managing individual panels in grafana

Browse Source
This commit is contained in:
m0duspwnens
2021-07-06 10:08:36 -04:00
parent a16f733622
commit 98505a9a3f
6 changed files with 904 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
salt/grafana/dashboards/standalone/common_standalone.json.jinja Normal file
View File

@@ -0,0 +1,152 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "This Dashboard provides a general overview of Standalone Mode",
"editable": true,
"gnetId": 2381,
"graphTooltip": 0,
"id": 6,
"iteration": 1625018989654,
"links": [],
"panels": [
{% for panel in PANELS -%}
{%- import_json "grafana/panels/" ~ panel ~ ".json" as panel %}
{{ panel }},
{%- endfor %}
],
"refresh": "30s",
"schemaVersion": 27,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"auto": true,
"auto_count": 30,
"auto_min": "10s",
"current": {
"selected": false,
"text": "10s",
"value": "10s"
},
"description": null,
"error": null,
"hide": 0,
"label": null,
"name": "Interval",
"options": [
{
"selected": false,
"text": "auto",
"value": "$__auto_interval_Interval"
},
{
"selected": true,
"text": "10s",
"value": "10s"
},
{
"selected": false,
"text": "1m",
"value": "1m"
},
{
"selected": false,
"text": "10m",
"value": "10m"
},
{
"selected": false,
"text": "30m",
"value": "30m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
},
{
"selected": false,
"text": "6h",
"value": "6h"
},
{
"selected": false,
"text": "12h",
"value": "12h"
},
{
"selected": false,
"text": "1d",
"value": "1d"
},
{
"selected": false,
"text": "7d",
"value": "7d"
},
{
"selected": false,
"text": "14d",
"value": "14d"
},
{
"selected": false,
"text": "30d",
"value": "30d"
}
],
"query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
"refresh": 3,
"skipUrlSync": false,
"type": "interval"
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Standalone Mode - {{ SERVERNAME }} Overview",
"uid": "{{ UID }}",
"version": 17
}

130
salt/grafana/dashboards/template.json Normal file
View File

@@ -0,0 +1,130 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "MY DASHBOARD DESCRIPTION",
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": 7,
"iteration": 1625251118337,
"links": [],
"panels": [],
"schemaVersion": 27,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"allValue": null,
"current": {
"selected": false,
"text": "mynode1",
"value": "mynode1"
},
"description": "",
"error": null,
"hide": 0,
"includeAll": false,
"label": "Node",
"multi": false,
"name": "query0",
"options": [
{
"selected": true,
"text": "mynode1",
"value": "mynode1"
},
{
"selected": false,
"text": "mynode2",
"value": "mynode2"
},
{
"selected": false,
"text": "mynode3",
"value": "mynode3"
}
],
"query": "mynode1,mynode2,mynode3",
"queryValue": "",
"skipUrlSync": false,
"type": "custom"
},
{
"current": {
"selected": true,
"text": "{{ MANINT }}",
"value": "{{ MANINT }}"
},
"description": null,
"error": null,
"hide": 0,
"label": "Management Interface",
"name": "manint",
"options": [
{
"selected": true,
"text": "{{ MANINT }}",
"value": "{{ MANINT }}"
}
],
"query": "{{ MANINT }}",
"skipUrlSync": false,
"type": "textbox"
},
{
"current": {
"selected": true,
"text": "{{ MONINT }}",
"value": "{{ MONINT }}"
},
"description": null,
"error": null,
"hide": 2,
"label": "Monitor Interface",
"name": "monint",
"options": [
{
"selected": true,
"text": "{{ MONINT }}",
"value": "{{ MONINT }}"
}
],
"query": "{{ MONINT }}",
"skipUrlSync": false,
"type": "textbox"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "browser",
"title": "MY DASHBOARD NAME",
"uid": "IQqwsPznk",
"version": 3
}

20
salt/grafana/defaults.yaml
View File

@@ -23,4 +23,22 @@ grafana:
# config_file: /etc/grafana/config/files/ldap.toml
# allow_sign_up: true
# enterprise:
# license_path: /opt/so/conf/grafana/etc/files/license.jwt
# license_path: /opt/so/conf/grafana/etc/files/license.jwt
dashboards:
standalone:
panels:
cpu_usage_idle:
enabled: true
trend: true
gridPos:
h: 10
w: 20
x: 0
y: 0
# cpu_usage_tasks: {}
# disk_io: {}
# disk_used_root: {}
# disk_used_nsm: {}
# elasticsearch_cpu_usage: {}
# elasticsearch_documents_count: {}
# elasticsearch_field_data_cache_size: {}

125
salt/grafana/init.sls
View File

@@ -115,141 +115,28 @@ grafana-config-files:
- source: salt://grafana/etc/files
- makedirs: True
{% if salt['pillar.get']('managertab', False) %}
{% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-manager:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Manager.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/manager/manager.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
CPUS: {{ SNDATA.totalcpus }}
UID: so_overview
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('managersearchtab', False) %}
{% for SN, SNDATA in salt['pillar.get']('managersearchtab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-managersearch:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-ManagerSearch.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/managersearch/managersearch.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
CPUS: {{ SNDATA.totalcpus }}
UID: so_overview
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('standalonetab', False) %}
{% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-standalone:
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
common--standalone-dashboard:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/standalone/{{ SN }}-Standalone.json
- name: /opt/so/conf/grafana/grafana_dashboards/standalone/common_standalone.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/standalone/standalone.json
- source: salt://grafana/dashboards/standalone/common_standalone.json.jinja
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
MONINT: {{ SNDATA.monint }}
CPUS: {{ SNDATA.totalcpus }}
UID: so_overview
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
PANELS: {{GRAFANA_SETTINGS.dashboards.standalone.panels}}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('sensorstab', False) %}
{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-{{ SN }}:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/sensor_nodes/sensor.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
MONINT: {{ SNDATA.monint }}
CPUS: {{ SNDATA.totalcpus }}
UID: {{ SNDATA.guid }}
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('nodestab', False) %}
{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboardsearch-{{ SN }}:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/search_nodes/searchnode.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
CPUS: {{ SNDATA.totalcpus }}
UID: {{ SNDATA.guid }}
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('evaltab', False) %}
{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-{{ SN }}:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/eval/eval.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
MONINT: {{ SNDATA.monint }}
CPUS: {{ SNDATA.totalcpus }}
UID: so_overview
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
so-grafana:
docker_container.running:
@@ -283,4 +170,4 @@ append_so-grafana_so-status.conf:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}
{% endif %}

594
salt/grafana/panels/cpu_docker_combined.json Normal file
View File

@@ -0,0 +1,594 @@
{
"type": "graph",
"title": "Panel Title",
"gridPos": {
"x": 0,
"y": 0,
"w": 24,
"h": 14
},
"id": 78,
"targets": [
{
"refId": "A",
"queryType": "randomWalk",
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-elasticsearch"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
" /8"
]
}
]
],
"measurement": "docker_container_cpu",
"query": "SELECT mean(\"usage_percent\") /8 FROM \"docker_container_cpu\" WHERE (\"host\" = 'jppce2360sa-influx-scripts' AND \"container_name\" = 'so-elasticsearch') AND $timeFilter GROUP BY time($__interval) fill(null)",
"rawQuery": false,
"hide": false,
"alias": "elasticsearch"
},
{
"refId": "B",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-filebeat"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
" /8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "filebeat"
},
{
"refId": "C",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-influxdb"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
" /8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "influxdb"
},
{
"refId": "D",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-logstash"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
" /8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "logstash"
},
{
"refId": "E",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-zeek"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
"/8"
]
}
]
],
"alias": "zeek",
"measurement": "docker_container_cpu"
},
{
"refId": "F",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-suricata"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"value"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
"/8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "suricata"
},
{
"refId": "G",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-steno"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
"/8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "steno"
},
{
"refId": "H",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-kibana"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
"/8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "kibana"
},
{
"refId": "I",
"hide": false,
"policy": "default",
"resultFormat": "time_series",
"orderByTime": "ASC",
"tags": [
{
"key": "host",
"operator": "=",
"value": "jppce2360sa-influx-scripts"
},
{
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-redis"
}
],
"groupBy": [
{
"type": "time",
"params": [
"$__interval"
]
},
{
"type": "fill",
"params": [
"null"
]
}
],
"select": [
[
{
"type": "field",
"params": [
"usage_percent"
]
},
{
"type": "mean",
"params": []
},
{
"type": "math",
"params": [
"/8"
]
}
]
],
"measurement": "docker_container_cpu",
"alias": "redis"
}
],
"options": {
"alertThreshold": true
},
"datasource": "InfluxDB",
"fieldConfig": {
"defaults": {},
"overrides": []
},
"pluginVersion": "7.5.4",
"renderer": "flot",
"yaxes": [
{
"label": null,
"show": true,
"logBase": 1,
"min": null,
"max": null,
"format": "short"
},
{
"label": null,
"show": true,
"logBase": 1,
"min": null,
"max": null,
"format": "short"
}
],
"xaxis": {
"show": true,
"mode": "time",
"name": null,
"values": [],
"buckets": null
},
"yaxis": {
"align": false,
"alignLevel": null
},
"lines": true,
"fill": 1,
"linewidth": 1,
"dashLength": 10,
"spaceLength": 10,
"pointradius": 2,
"legend": {
"show": true,
"values": false,
"min": false,
"max": false,
"current": false,
"total": false,
"avg": false
},
"nullPointMode": "connected",
"tooltip": {
"value_type": "individual",
"shared": true,
"sort": 0
},
"aliasColors": {},
"seriesOverrides": [],
"thresholds": [],
"timeRegions": [],
"fillGradient": 0,
"dashes": false,
"hiddenSeries": false,
"points": false,
"bars": false,
"stack": false,
"percentage": false,
"steppedLine": false,
"timeFrom": null,
"timeShift": null
}

6
salt/grafana/panels/cpu_usage_idle.json.jinja → salt/grafana/panels/cpu_usage_idle.json
View File

@@ -101,7 +101,7 @@
{
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
"value": " SERVERNAME "
},
{
"condition": "AND",
@@ -158,7 +158,7 @@
{
"key": "host",
"operator": "=",
"value": "{{ SERVERNAME }}"
"value": " SERVERNAME "
},
{
"condition": "AND",
@@ -173,7 +173,7 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "{{ SERVERNAME }} - CPU",
"title": " SERVERNAME - CPU",
"tooltip": {
"shared": true,
"sort": 0,