{
"title": "Realtime Log Analytics",
"services": {
"query": {
"idQueue": [
1,
2,
3,
4
],
"list": {
"0": {
"query": "-agent_str:\\\"-\\\"",
"alias": "",
"color": "#7EB26D",
"id": 0,
"pin": false,
"type": "lucene"
}
},
"ids": [
0
]
},
"filter": {
"idQueue": [
1,
3
],
"list": {
"0": {
"from": "NOW-2DAY",
"to": "NOW%2B1DAY",
"field": "_timestamp",
"type": "time",
"fromDateObj": "2019-09-22T11:37:55.899Z",
"toDateObj": "2019-09-24T11:37:55.904Z",
"mandate": "must",
"active": true,
"alias": "",
"id": 0
},
"2": {
"type": "field",
"field": "request",
"query": "(%22%2Fapi%2Fsessions%22)",
"mandate": "mustNot",
"active": true,
"alias": "",
"id": 2
}
},
"ids": [
2,
0
]
}
},
"rows": [
{
"title": "Query and Time Window",
"height": "50px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": "",
"span": 6,
"editable": true,
"type": "timepicker",
"loadingEditor": false,
"status": "Stable",
"mode": "relative",
"spyable": true,
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d",
"90d",
"1y",
"5y"
],
"timespan": "2d",
"timefield": "_timestamp",
"timeformat": "",
"refresh": {
"enable": false,
"interval": 90,
"min": 3
},
"filter_id": 0,
"title": "Time Window"
},
{
"error": false,
"span": 6,
"editable": true,
"spyable": true,
"group": [
"default"
],
"type": "query",
"label": "Search",
"history": [
"-agent_str:\\\"-\\\"",
"*"
],
"remember": 10,
"pinned": true,
"query": "*",
"title": "Search",
"def_type": ""
}
]
},
{
"title": "Filters",
"height": "50px",
"editable": true,
"collapse": true,
"collapsable": true,
"panels": [
{
"error": false,
"span": 12,
"editable": true,
"spyable": true,
"group": [
"default"
],
"type": "filtering"
}
]
},
{
"title": "Overview",
"height": "450px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 6,
"editable": true,
"type": "sunburst",
"loadingEditor": false,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&wt=json&facet=true&facet.pivot=verb_str,response,clientip_str&facet.limit=1000&rows=0",
"custom": ""
},
"facet_limit": 1000,
"spyable": true,
"show_queries": true,
"title": "Method / Response / Client IP",
"facet_pivot_strings": [
"verb_str",
"response",
"clientip_str"
]
},
{
"span": 6,
"editable": true,
"type": "map",
"loadingEditor": false,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&rows=0&facet=true&facet.field=country_code2_str&facet.limit=100",
"custom": ""
},
"mode": "count",
"field": "country_code2_str",
"stats_field": "",
"decimal_points": 0,
"map": "world",
"useNames": false,
"colors": [
"#A0E2E2",
"#265656"
],
"size": 100,
"exclude": [],
"spyable": true,
"index_limit": 0,
"show_queries": true,
"title": "Map"
}
]
},
{
"title": "Response",
"height": "250px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 4,
"editable": true,
"type": "bar",
"loadingEditor": false,
"queries": {
"mode": "all",
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=response&facet.limit=10",
"custom": "",
"ids": [
0
]
},
"field": "response",
"size": 10,
"spyable": true,
"show_queries": true,
"title": "Response Codes"
},
{
"span": 4,
"editable": true,
"type": "rangeFacet",
"loadingEditor": false,
"mode": "count",
"time_field": "timestamp",
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.range=bytes&facet.range.start=0&facet.range.end=1001&facet.range.gap=11\n",
"custom": ""
},
"max_rows": 100000,
"value_field": null,
"fill": 0,
"linewidth": 3,
"auto_int": true,
"resolution": 100,
"interval": 11,
"interval_decimal": 0,
"resolutions": [
5,
10,
25,
50,
75,
100
],
"spyable": true,
"zoomlinks": true,
"bars": true,
"stack": true,
"points": false,
"lines": false,
"lines_smooth": false,
"legend": true,
"x-axis": true,
"y-axis": true,
"percentage": false,
"interactive": true,
"options": true,
"minimum": 0,
"maximum": 1000,
"chart_minimum": "0",
"chart_maximum": "1000",
"tooltip": {
"value_type": "cumulative",
"query_as_alias": false
},
"showChart": true,
"show_queries": true,
"refresh": {
"enable": false,
"interval": 2
},
"title": "Bytes",
"range_field": "bytes"
},
{
"span": 2,
"editable": true,
"type": "hits",
"loadingEditor": false,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&stats=true&stats.field=verb_str&stats.field=bytes&stats.field=bytes&stats.field=bytes&stats.field=bytes&wt=json&rows=0\n",
"basic_query": "",
"custom": ""
},
"style": {
"font-size": "16pt",
"flex-direction": "column"
},
"arrangement": "vertical",
"chart": "total",
"counter_pos": "above",
"donut": false,
"tilt": false,
"labels": true,
"spyable": true,
"show_queries": true,
"metrics": [
{
"type": "count",
"field": "verb_str",
"decimalDigits": 0,
"label": "Hits",
"value": "1607"
},
{
"type": "sum",
"field": "bytes",
"decimalDigits": 0,
"label": "Total bytes transferred",
"value": "9195554"
},
{
"type": "mean",
"field": "bytes",
"decimalDigits": 2,
"label": "Average bytes per request",
"value": "5722.19"
},
{
"type": "min",
"field": "bytes",
"decimalDigits": 0,
"label": "Minimum bytes served",
"value": "126"
},
{
"type": "max",
"field": "bytes",
"decimalDigits": 0,
"label": "Maximum bytes served",
"value": "648338"
}
],
"refresh": {
"enable": false,
"interval": 2
},
"title": "Hits"
},
{
"span": 2,
"editable": true,
"type": "facet",
"loadingEditor": false,
"status": "Stable",
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=httpversion&facet.field=ident_str&wt=json",
"basic_query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=httpversion&facet.field=ident_str",
"custom": ""
},
"group": "default",
"style": {
"font-size": "9pt"
},
"overflow": "min-height",
"fields": [
"httpversion",
"ident_str"
],
"spyable": true,
"facet_limit": 10,
"maxnum_facets": 5,
"foundResults": true,
"header_title": "Facet Fields",
"toggle_element": null,
"show_queries": true,
"title": "Facet",
"exportSize": null,
"offset": 0
}
]
},
{
"title": "Facets and Histogram",
"height": "250px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 4,
"editable": true,
"type": "terms",
"loadingEditor": false,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=verb&facet.limit=10&facet.missing=true&f.verb.facet.sort=count",
"custom": ""
},
"mode": "count",
"field": "verb",
"stats_field": "",
"decimal_points": 0,
"exclude": [],
"missing": false,
"other": false,
"size": 10,
"pages": 10,
"sortBy": "count",
"order": "descending",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"logAxis": false,
"arrangement": "horizontal",
"chart": "bar",
"counter_pos": "above",
"exportSize": 100,
"lastColor": "rgb(234,184,57)",
"spyable": true,
"show_queries": true,
"bar_chart_arrangement": "vertical",
"chartColors": [
"#E24D42"
],
"refresh": {
"enable": false,
"interval": 2
},
"title": "Methods"
},
{
"span": 8,
"editable": true,
"type": "histogram",
"loadingEditor": false,
"mode": "count",
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.range=_timestamp&facet.range.start=NOW-2DAY&facet.range.end=NOW%2B1DAY&facet.range.gap=%2B30MINUTE\n",
"custom": ""
},
"max_rows": 100000,
"value_field": null,
"group_field": null,
"auto_int": true,
"resolution": 100,
"interval": "30m",
"intervals": [
"auto",
"1s",
"1m",
"5m",
"10m",
"30m",
"1h",
"3h",
"12h",
"1d",
"1w",
"1M",
"1y"
],
"fill": 0,
"linewidth": 3,
"timezone": "browser",
"spyable": true,
"zoomlinks": true,
"bars": true,
"stack": true,
"points": false,
"lines": false,
"legend": true,
"x-axis": true,
"y-axis": true,
"percentage": false,
"interactive": true,
"options": true,
"tooltip": {
"value_type": "cumulative",
"query_as_alias": false
},
"title": "Event Counts",
"sum_value": false,
"lines_smooth": false,
"show_queries": true,
"refresh": {
"enable": false,
"interval": 2
}
}
]
},
{
"title": "Graph",
"height": "250px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 4,
"editable": true,
"group": [
"default"
],
"type": "terms",
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=agent&facet.limit=5&facet.missing=true&f.agent.facet.sort=count"
},
"field": "agent",
"exclude": [],
"missing": false,
"other": false,
"size": 5,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "pie",
"counter_pos": "none",
"title": "Agent Terms",
"spyable": true,
"time_field": "event_timestamp",
"mode": "count",
"stats_field": "",
"decimal_points": 0,
"pages": 10,
"sortBy": "count",
"logAxis": false,
"exportSize": 100,
"lastColor": "rgb(226,77,66)",
"show_queries": true,
"bar_chart_arrangement": "vertical",
"chartColors": [
"#0A437C"
],
"refresh": {
"enable": false,
"interval": 2
}
},
{
"span": 8,
"editable": true,
"type": "heatmap",
"loadingEditor": false,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&wt=json&rows=0&facet=true&facet.pivot=verb,clientip&facet.limit=5&facet.pivot.mincount=0",
"custom": ""
},
"size": 0,
"row_field": "verb",
"col_field": "clientip",
"row_size": 5,
"color": "lime",
"spyable": true,
"transpose_show": true,
"transposed": false,
"show_queries": true,
"title": "Method by Client IP"
}
]
},
{
"title": "Events",
"height": "650px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 12,
"editable": true,
"group": [
"default"
],
"type": "table",
"size": 20,
"pages": 5,
"offset": 0,
"sort": [
"id",
"desc"
],
"style": {
"font-size": "9pt"
},
"overflow": "min-height",
"fields": [
"request",
"response",
"clientip",
"bytes",
"verb",
"message"
],
"highlight": [],
"sortable": true,
"header": true,
"paging": true,
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
],
"query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&sort=id desc&wt=json&rows=100",
"basic_query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&sort=id desc"
},
"field_list": false,
"status": "Stable",
"trimFactor": 300,
"normTimes": true,
"title": "Events",
"time_field": "event_timestamp",
"important_fields": [
"request_str",
"response",
"path_str"
],
"saveOption": "json",
"exportSize": 100,
"exportAll": true,
"displayLinkIcon": true,
"imageFields": [],
"imgFieldWidth": "auto",
"imgFieldHeight": "85px",
"show_queries": true,
"maxNumCalcTopFields": 20,
"calcTopFieldValuesFromAllData": false,
"subrowMaxChar": 300,
"subrowOffset": 0,
"refresh": {
"enable": false,
"interval": 2
}
}
]
}
],
"editable": true,
"index": {
"interval": "none",
"pattern": "[logstash-]YYYY.MM.DD",
"default": "_all"
},
"style": "light",
"failover": false,
"panel_hints": true,
"loader": {
"save_gist": true,
"save_elasticsearch": true,
"save_local": true,
"save_default": true,
"save_temp": true,
"save_temp_ttl_enable": true,
"save_temp_ttl": "30d",
"load_gist": true,
"load_elasticsearch": true,
"load_elasticsearch_size": 20,
"load_local": true,
"hide": false,
"dropdown_collections": false,
"save_as_public": false
},
"solr": {
"server": "/solr/",
"core_name": "logs",
"core_list": [
"logs"
],
"global_params": ""
},
"username": "guest",
"home": true
}