
DNS Top Clients (Host) with IP filter

Adviser
Posts: 118

 

As requested by LEdwards, here is a version of the DNS Top Clients (Host) reporting with an IP filter. Note that you can input a single IP, use wildcards (192.168.*), or use CIDR notation (192.168.0.0/16).

 


 

<form>
  <label>DNS Top Clients (Host) with IP filter</label>
  <description>System-created dashboard: Please clone before editing.</description>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="time">
      <label>Time</label>
      <default>
        <earliest>-1d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="topn">
      <label>Top N</label>
      <default>10</default>
      <choice value="5">5</choice>
      <choice value="10">10</choice>
      <choice value="20">20</choice>
      <choice value="50">50</choice>
      <choice value="100">100</choice>
      <choice value="200">200</choice>
      <choice value="250">250</choice>
      <choice value="500">500</choice>
    </input>
    <input type="text" token="ip_filter">
      <label>IP</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
    <input type="multiselect" token="members">
      <label>Members</label>
      <choice value="*">All</choice>
      <search>
        <query>index=ib_dns_summary report=si_dns_top_clients
               | stats count by orig_host</query>
        <earliest>$time.earliest$</earliest>
        <latest>$time.latest$</latest>
      </search>
      <fieldForLabel>orig_host</fieldForLabel>
      <fieldForValue>orig_host</fieldForValue>
      <default>*</default>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <valuePrefix>orig_host="</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR </delimiter>
    </input>
    <input type="dropdown" token="dns_view">
      <label>DNS View</label>
      <choice value="All">All</choice>
      <search>
        <query>index=ib_dns_summary report=si_dns_top_clients
               | stats count by display_name</query>
        <earliest>$time.earliest$</earliest>
        <latest>$time.latest$</latest>
      </search>
      <fieldForLabel>display_name</fieldForLabel>
      <fieldForValue>display_name</fieldForValue>
      <default>All</default>
      <change>
        <condition value="All">
          <set token="dns_view_str">*</set>
        </condition>
        <condition value="*">
          <set token="dns_view_str">display_name="$value$"</set>
        </condition>
      </change>
    </input>
    <input type="link" token="view" searchWhenChanged="true">
      <label>View</label>
      <choice value="chart">Bar Chart</choice>
      <choice value="table">Table</choice>
      <choice value="both">Both</choice>
      <default>chart</default>
      <change>
        <condition value="table">
          <set token="show_table">true</set>
          <unset token="show_chart"></unset>
        </condition>
        <condition value="chart">
          <set token="show_chart">true</set>
          <unset token="show_table"></unset>
        </condition>
        <condition value="both">
          <set token="show_chart">true</set>
          <set token="show_table">true</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <search id="base_search">
    <query>index=ib_dns_summary report=si_dns_top_clients
           CLIENT=$ip_filter$
           $members$
           $dns_view_str$
           | stats sum(COUNT) as CLIENT_QUERIES by CLIENT
           | sort -CLIENT_QUERIES
           | lookup dnslookup clientip as CLIENT OUTPUT clienthost as CLIENT_RESOLVED
           | fillnull value="" CLIENT_RESOLVED
           | eval newField=CLIENT." ".CLIENT_RESOLVED
           | rename newField as CLIENT
           | head $topn$
           | eventstats sum(CLIENT_QUERIES) as TOTAL
           | eval PERCENT=round(CLIENT_QUERIES*100/TOTAL,1)
           | eval PCLIENT=CLIENT+" ("+PERCENT+"%)"
           | rename PCLIENT as Client, CLIENT_QUERIES as Queries
           | fields Client, Queries</query>
    <earliest>$time.earliest$</earliest>
    <latest>$time.latest$</latest>
  </search>
  <row>
    <panel>
      <chart depends="$show_chart$">
        <search base="base_search">
          <query>| noop</query>
        </search>
        <option name="charting.chart">bar</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.axisTitleX.text">Client</option>
        <option name="charting.axisTitleY.text">Queries</option>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <table depends="$show_table$">
        <search base="base_search">
          <query>| noop</query>
        </search>
        <option name="rowNumbers">true</option>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>
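
Added example (not part of the original post or of the Infoblox dashboard): Python that models the three filter forms the post lists (single IP, wildcard, CIDR) and the search's sum / sort / head / percent steps over constructed sample records, so the expected dashboard output can be checked offline. The function names, the sample data and the use of `fnmatch` to stand in for the search's wildcard matching are assumptions. As in the search, the percentage is taken over the top-N rows shown, not over all queries.

```python
import fnmatch
import ipaddress
import re
from collections import Counter

# A wildcard filter may contain only digits, dots and '*'; anything else
# (spaces, quotes, extra terms) is rejected instead of being passed on.
_WILDCARD_RE = re.compile(r"[0-9.*]+")

def compile_filter(expr):
    """Return a predicate ip -> bool for a single-IP, wildcard or CIDR filter."""
    expr = expr.strip()
    if "/" in expr:
        net = ipaddress.ip_network(expr, strict=False)  # ValueError if malformed
        return lambda ip: ipaddress.ip_address(ip) in net
    if "*" in expr:
        if not _WILDCARD_RE.fullmatch(expr):
            raise ValueError(f"unsupported wildcard filter: {expr!r}")
        return lambda ip: fnmatch.fnmatchcase(ip, expr)
    addr = ipaddress.ip_address(expr)  # ValueError if not an IP address
    return lambda ip: ipaddress.ip_address(ip) == addr

def top_clients(records, ip_filter="*", topn=10):
    """Model the search: sum COUNT by CLIENT, sort descending, head N, percent."""
    keep = compile_filter(ip_filter)
    totals = Counter()
    for client, count in records:
        if keep(client):
            totals[client] += count
    top = sorted(totals.items(), key=lambda kv: -kv[1])[:topn]
    shown = sum(q for _, q in top)  # TOTAL is computed after head, as in the search
    return [(c, q, round(q * 100 / shown, 1)) for c, q in top]

# Constructed sample rows of (CLIENT, COUNT); not real data.
SAMPLE = [
    ("192.168.1.10", 600), ("192.168.1.10", 200), ("192.168.2.20", 150),
    ("10.0.0.5", 900), ("172.16.3.3", 50),
]
```

With `topn=2` and no filter, the two rows report 52.9% and 47.1% even though they account for 1700 of the 1900 sample queries, which is worth remembering when reading the chart labels.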

 

Re: DNS Top Clients (Host) with IP filter

LEdwards
Techie
Posts: 8

This worked for me, thanks!

DNS Top Clients by grid member

samjha
Techie
Posts: 2

Hi Team,

 

Newbie in the Infoblox community. How do we make a report which should populate, one by one, the DNS top clients by grid member?

 

<search id="base_search">
  <query>index=ib_dns_summary report=si_dns_top_clients
         $members$
         $dns_view_str$
         | stats sum(COUNT) as CLIENT_QUERIES by CLIENT
         | sort -CLIENT_QUERIES
         | head $topn$
         | eventstats sum(CLIENT_QUERIES) as TOTAL
         | eval PERCENT=round(CLIENT_QUERIES*100/TOTAL,1)
         | eval PCLIENT=CLIENT+" ("+PERCENT+"%)"
         | rename PCLIENT as Client, CLIENT_QUERIES as Queries
         | fields Client, Queries</query>
  <earliest>$time.earliest$</earliest>
  <latest>$time.latest$</latest>
</search>

 

Please help me to create it.

Re: DNS Top Clients by grid member

Adviser
Posts: 77

Hello Samjha,

 

Sorry that this question was left unanswered. I guess you don’t have to create a separate XML for that. Roger’s post above does cover your requirement too. Check out the snip below:

 

 pic5.JPG

 

Please feel free to post questions if any.

 

Best regards,

Mohammed Alman.

 

 
