DevOps Runbook: An example splunk dashboard XML

<dashboard>
<label>My label</label>
<description>A description</description>

<row>
    <panel>
      <title>Datacentre 1</title>
      <table>
        <search>

          <query>
            (host=jupiter ORhost=neptune)
            sourcetype=apache* source=*check_endpoints_info.log HTTP_STATUS_CODE: |
            rex field=_raw "TIMESTAMP:(?<TIMESTAMP>.+)\s+APP" |
            rex field=_raw "APP:(?<SERVICE>.+)\s+PORT" |
            rex field=_raw "CONTEXT ROOT:(?<CONTEXT_ROOT>.+)\s+GET" |
            rex field=_raw "\s+GET:\s+(?<URI>.+)\s+HTTP.+Host" |
            rex field=_raw "\s+HTTP_STATUS_CODE:\s+(?<HTTP_STATUS>\d+).+" |
            rex field=_raw "PORT:(?<PORT>.+)CONTEXT ROOT" |
            stats max(TIMESTAMP) as TIMESTAMP by host,SERVICE,URI,HTTP_STATUS |
            sort host
          </query>

          <earliest>-210s@s</earliest>
          <latest>now</latest>
          <refresh>1m</refresh>
          <refreshType>delay</refreshType>

        </search>

        <option name="count">18</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">true</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>

        <format type="color" field="HTTP_STATUS">
          <colorPalette type="map">{"200":#65A637,"404":#D93F3C,"500":#D93F3C,"503":#D93F3C}</colorPalette>
        </format>

      </table>
    </panel>

    <panel>
      <title>Datacentre 2</title>
      <table>
        <search>

          <query>
            (host=mars OR host=venus)
            sourcetype=apache* source=*check_endpoints_info.log HTTP_STATUS_CODE: |
            rex field=_raw "TIMESTAMP:(?<TIMESTAMP>.+)\s+APP" |
            rex field=_raw "APP:(?<SERVICE>.+)\s+PORT" |
            rex field=_raw "CONTEXT ROOT:(?<CONTEXT_ROOT>.+)\s+GET" |
            rex field=_raw "\s+GET:\s+(?<URI>.+)\s+HTTP.+Host" |
            rex field=_raw "\s+HTTP_STATUS_CODE:\s+(?<HTTP_STATUS>\d+).+" |
            rex field=_raw "PORT:(?<PORT>.+)CONTEXT ROOT" |
            stats max(TIMESTAMP) as TIMESTAMP by host,SERVICE,URI,HTTP_STATUS |
            sort host
          </query>

          <earliest>-4m@m</earliest>
          <latest>now</latest>
          <refresh>1m</refresh>
          <refreshType>delay</refreshType>

        </search>

        <option name="count">18</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">true</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="color" field="HTTP_STATUS">
          <colorPalette type="map">{"200":#65A637,"404":#D93F3C,"500":#D93F3C,"503":#D93F3C}</colorPalette>
        </format>

      </table>
    </panel>
</row>
</dashboard>

DevOps Runbook

Saturday 13 January 2018

An example splunk dashboard XML

No comments:

Post a Comment