Last active
July 28, 2017 13:39
-
-
Save diurnalist/e8c5f4a635c336e32131db7cc84c4b69 to your computer and use it in GitHub Desktop.
Generate links for Kibana4 dashboards. Requires `ipcalc` to expand CIDRs. Set KIBANA_HOST and KIBANA_DASHBOARD accordingly.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eu -o pipefail | |
kibanaBaseUrl="$KIBANA_HOST/app/kibana?#/dashboard/$KIBANA_DASHBOARD" | |
kibanaGlobalParams="_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-1h,mode:quick,to:now))" | |
type="${1:-}" | |
shift | |
usage() { | |
cat <<EOF | |
Usage: kibana <type> [terms] | |
Type: | |
ip: get a summary URL for traffic from some IP/CIDRs | |
path: get a summary URL for traffic on some path | |
referer: get a summary URL for traffic from some referers | |
ua: get a summary URL for traffic from some user agents | |
Examples: | |
# See traffic from a given range | |
kibana ip 10.0.0.0/8 | |
# See traffic from specific IPs | |
kibana ip 10.0.0.1 10.0.0.10 | |
# See traffic on one endpoint (using wildcards) | |
kibana path '/path/to/resource*' | |
# See traffic from a referer (using wildcards) | |
kibana referer 'https://*example.com*' | |
# See traffic from a user agent (using wildcards) | |
kibana ua '*Google Chrome*' | |
EOF | |
exit 1 | |
} | |
kibana_dashboard() { | |
query="$1" | |
echo "$kibanaBaseUrl?$kibanaGlobalParams&_a=(query:($query))" | |
} | |
create_ip_dashboard() { | |
ips="$@" | |
query="" | |
delim="%20OR%20" | |
for ip in $ips | |
do | |
if [[ "$ip" == *"/"* && "$ip" != *"/32" ]]; then | |
# Expand CIDR | |
query="${query}${delim}$(ipcalc "$ip" -b \ | |
| grep HostM \ | |
| awk 'NR==1 { printf "request_header_x_real_ip:%%5B" $2 "%%20TO%%20"; getline; print $2 "%5D" }')" | |
else | |
query="${query}${delim}request_header_x_real_ip:${ip%/32}" | |
fi | |
done | |
kibana_dashboard "query_string:(query:%27$(sed 's/^%20OR%20//' <<<"$query")%27)" | |
} | |
create_referer_dashboard() { | |
# Only allow passing single referer | |
referer="$1" | |
kibana_dashboard "wildcard:(request_header_referer:%27$referer%27)" | |
} | |
create_user_agent_dashboard() { | |
# Only allow passing single user agent | |
userAgent="$1" | |
kibana_dashboard "wildcard:(request_header_user_agent:%27$userAgent%27)" | |
} | |
create_request_path_dashboard() { | |
# Only allow passing single path | |
path="$1" | |
kibana_dashboard "wildcard:(http_request:%27$path%27)" | |
} | |
case $type in | |
-h|--help) | |
usage | |
;; | |
ip) | |
create_ip_dashboard "$@" | |
;; | |
path) | |
create_request_path_dashboard "$@" | |
;; | |
referer) | |
create_referer_dashboard "$@" | |
;; | |
ua) | |
create_user_agent_dashboard "$@" | |
;; | |
*) | |
usage | |
;; | |
esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment