
Metrics Dashboard

Adviser
Posts: 31
6577     0

In the interest of collecting Grid DNS/DHCP/IPAM performance and capacity metrics, I am sharing a dashboard I created that pulls together a number of data points into a single dashboard view. Some of these require certain functions such as Network Insight, and of course they do require the associated reporting indexing to be enabled. There are also 30-day reports that have a dependency on Reporting functions only available in NIOS 8.5 or newer.

 

The Dashboard includes:

Total number of DNS Zones

Total DHCP Leases per Month

Total DNS Queries per Month

Total Number of Active IP Addresses (requires Network Insight)

Total Number of Networks (requires Network Insight)

Reporting Disk Utilization

Device Type Counts (End Hosts, Network Devices) (requires Network Insight)

Total Allocated IP Addresses

DHCP Usage for 30 Days (requires 8.5+)

DNS QPS Usage for 30 Days (requires 8.5+)

To load this dashboard, create a new Reporting Dashboard in your Reporting and copy/paste the below into the XML source:

<dashboard>
<label>Metrics Collection</label>
<row>
<panel>
<table>
<title>Total DNS Zones</title>
<search>
<query>sourcetype=ib:dns:view index=ib_ipam | eval TotalZones=zones_forward+zones_ipv4+zones_ipv6 | stats sum(TotalZones) as TotalZones</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>DHCP Leases per Month</title>
<search>
<query>sourcetype=ib:dhcp:lease_history index=ib_dhcp_lease_history earliest=-30d dhcpd OR dhcpdv6 r-l-e | rename ACTION as "Action" | stats count(eval(Action="Issued")) AS ISSUED, count(eval(Action="Reserved")) AS RESERVED, count(eval(Action="Abandoned")) AS ABANDONED, count(eval(Action="Freed")) AS Freed, count(eval(Action="Renewed")) AS RENEWED, count(eval(Action="Fixed")) AS FIXED</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>DNS Queries per Month</title>
<search>
<query>index=ib_dns sourcetype=ib:dns:query:by_member | bucket span=1mon _time |stats sum(QCOUNT) as QCOUNT by _time</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Total Number of IP Addresses</title>
<search>
<query>source=ib:ipam:ip_address_inventory index=ib_ipam | sort 0 -_time, +ip(ip_address)
| fillnull value=""
| dedup network_view ip_address | stats count(ip_address) as IPADDRCOUNT</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Total Number of Networks</title>
<search>
<query>sourcetype=ib:ipam:network index=ib_ipam | sort 0 -_time, +ip(address) |
fillnull value=""
| dedup view address cidr | stats count(address) as NETWORKCOUNT</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Reporting Disk Utilization</title>
<search>
<query>| rest /services/server/status/partitions-space | eval free = if(isnotnull(available), available, free) | eval usage = capacity - free | eval pct_usage = floor(usage / capacity * 100) | stats first(fs_type) as fs_type first(capacity) as capacity first(usage) as usage first(pct_usage) as pct_usage by mount_point | eval usage=round(usage / 1024, 2) | eval capacity=round(capacity / 1024, 2) | rename mount_point as "Mount Point", fs_type as "File System Type", usage as "Usage (GB)", capacity as "Capacity (GB)", pct_usage as "Usage (%)"</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Device Type Count</title>
<table>
<search>
<query>source=ib:discovery:device_inventory index=ib_discovery
| dedup ip_address
| eval last_seen=strftime(last_seen,"%Y-%m-%d %H:%M:%S")
| eval first_seen=strftime(first_seen,"%Y-%m-%d %H:%M:%S")
| stats count by device_type</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Total Allocated IP Addresses</title>
<table>
<search>
<query>index=ib_ipam sourcetype=ib:ipam:network
| bin _time span=1d
| eval mydate=strftime(_time, "%Y%m%d")
| eval dedup_key=view."/".address."/".cidr
| dedup mydate, dedup_key
| timechart span=1d sum(address_alloc) as value
| fillnull value=0</query>
<earliest>-1d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>DHCP Usage 30 Days</title>
<chart>
<search>
<query>index=ib_usage_count report=si_usage_count_member_dhcp_lps_trend_per_5days
| stats max(LCOUNT) as stats_COUNT by _time
| sort _time
| streamstats window=5 avg(stats_COUNT) as Peak_LPM
| eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak LPS"=round((Peak_LPM/60),3)
| table Date, "5-Day Average Peak LPS"</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>DNS QPS Usage 30 Days</title>
<chart>
<search>
<query>index=ib_usage_count report=si_usage_count_member_qps_trend_per_5days
| stats max(QCOUNT) as stats_COUNT by _time |eval stats_COUNT = stats_COUNT/1000
| sort _time
| streamstats window=5 avg(stats_COUNT) as Peak_QPM
| eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak kQPS"=round((Peak_QPM/60),3)
| table Date, "5-Day Average Peak kQPS"</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
</dashboard>

 

Steve S.
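The post above notes that each panel depends on its reporting index being enabled. As an added example (not part of the original post and not Infoblox code), this Python script parses a dashboard's Simple XML before it is pasted in, lists the indexes each panel reads, and reports where a time modifier written in the query takes precedence over the panel's `<earliest>`/`<latest>` elements, as in the DHCP Leases per Month panel. The embedded sample is constructed from three of the panels above with shortened queries, and the function names are illustrative.

```python
"""Audit a Splunk Simple XML dashboard before pasting it into the Reporting XML source."""
import re
import xml.etree.ElementTree as ET

# Constructed sample: three panels from the dashboard above, queries shortened.
SAMPLE_DASHBOARD = '''<dashboard>
<label>Metrics Collection</label>
<row><panel><table>
<title>Total DNS Zones</title>
<search>
<query>sourcetype=ib:dns:view index=ib_ipam | stats sum(zones_forward) as TotalZones</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
</table></panel></row>
<row><panel><table>
<title>DHCP Leases per Month</title>
<search>
<query>sourcetype=ib:dhcp:lease_history index=ib_dhcp_lease_history earliest=-30d dhcpd OR dhcpdv6 r-l-e | stats count by ACTION</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
</table></panel></row>
<row><panel><table>
<title>Reporting Disk Utilization</title>
<search>
<query>| rest /services/server/status/partitions-space | stats first(capacity) as capacity by mount_point</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
</table></panel></row>
</dashboard>'''

INDEX_RE = re.compile(r'\bindex\s*=\s*"?([\w*.-]+)')
TIME_RE = re.compile(r'\b(earliest|latest)\s*=\s*"?([^\s"|]+)')


def audit_dashboard(xml_text):
    """Return one dict per <search>: panel title, indexes read, effective time range."""
    # A dashboard copied from a forum has no reason to carry a DTD or entity definitions.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("dashboard XML should not declare a DTD or entities")
    root = ET.fromstring(xml_text)  # ParseError here means the paste is not well-formed
    if root.tag not in ("dashboard", "form"):
        raise ValueError(f"unexpected root element <{root.tag}>")

    results = []
    for panel in root.iter("panel"):
        # The title may sit on the panel or on the table/chart inside it.
        title = (panel.findtext(".//title") or "(untitled)").strip()
        for search in panel.iter("search"):
            query = " ".join((search.findtext("query") or "").split())
            # Index and time terms belong to the base search, before the first pipe.
            base = query.split("|", 1)[0]
            inline = dict(TIME_RE.findall(base))
            element = {k: (search.findtext(k) or "").strip() or None
                       for k in ("earliest", "latest")}
            results.append({
                "title": title,
                "indexes": sorted(set(INDEX_RE.findall(base))),
                "element_earliest": element["earliest"],
                "element_latest": element["latest"],
                # Time modifiers in the search string win over the supplied range.
                "effective_earliest": inline.get("earliest", element["earliest"]),
                "effective_latest": inline.get("latest", element["latest"]),
                "overridden": [k for k in ("earliest", "latest")
                               if k in inline and inline[k] != element[k]],
            })
    return results


def required_indexes(results):
    """All reporting indexes the dashboard reads, for checking what must be enabled."""
    return sorted({idx for r in results for idx in r["indexes"]})


if __name__ == "__main__":
    report = audit_dashboard(SAMPLE_DASHBOARD)
    for r in report:
        note = f" (query overrides {', '.join(r['overridden'])})" if r["overridden"] else ""
        print(f"{r['title']}: indexes={r['indexes'] or 'none (REST/generating search)'} "
              f"range={r['effective_earliest']}..{r['effective_latest']}{note}")
    print("Indexes to enable:", ", ".join(required_indexes(report)))
```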

Re: Metrics Dashboard

Adviser
Posts: 31
6577     0

I cleaned up the DHCP Leases per Month panel to streamline the evaluations and provide the end results in a more concise format. Thank you Marco!

Steve S.

Re: Metrics Dashboard

New Member
Posts: 2
6577     0

Hi,

I tried to create the dashboard but it's stuck on saving for eternity.

Can you suggest what to do?

TIA

Re: Metrics Dashboard

Adviser
Posts: 31
6578     0

Here is a different version of a Metrics Collection dashboard (Metrics Collection 2.0) which focuses on the following:

DHCP Usage Last Year (8.5 or newer)

DNS QPS Usage Last Year (8.5 or newer)

Active IP Addresses per Day

DNS Daily Peak Hour Query Rate by Member

DNS Daily Query Rate by Member

DNS Query Rate by Member

Total Zones in Grid

<dashboard>
  <label>Metrics Collection 2.0</label>
  <row>
    <panel>
      <title>DHCP Usage Last Year</title>
      <chart>
        <search>
          <query>index=ib_usage_count report=si_usage_count_member_dhcp_lps_trend_per_5days
                 | stats max(LCOUNT) as stats_COUNT by _time
                 | sort _time
                 | streamstats window=5 avg(stats_COUNT) as Peak_LPM
                 | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak LPS"=round((Peak_LPM/60),3)
                 | table Date, "5-Day Average Peak LPS"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS QPS Usage Last Year</title>
      <chart>
        <search>
          <query>index=ib_usage_count report=si_usage_count_member_qps_trend_per_5days
                 | stats max(QCOUNT) as stats_COUNT by _time |eval stats_COUNT = stats_COUNT/1000
                 | sort _time
                 | streamstats window=5 avg(stats_COUNT) as Peak_QPM
                 | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak kQPS"=round((Peak_QPM/60),3)
                 | table Date, "5-Day Average Peak kQPS"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Active IP Addresses per day</title>
      <chart>
        <search>
          <query>index=ib_ipam_summary report=si_ipam_address_usage_trend_per_5days
                 | eval Peak_IPV4=IPV4_COUNT, Peak_IPV6=IPV6_COUNT, Peak_Total=TOTAL_COUNT
                 | eval "Time"=strftime(_time, "%m/%d/%Y:%H:%M:%S")
                 | streamstats window=5 avg(Peak_IPV4) as Avg_IPv4_Count, avg(Peak_IPV6) as Avg_IPv6_Count, avg(Peak_Total) as Avg_Total_Count
                 | sort _time
                 | rename IPV4_COUNT as "IPv4 Count", IPV6_COUNT as "IPv6 Count", TOTAL_COUNT as "Total Count"
                 | table "Time", "IPv4 Count", "IPv6 Count", "Total Count"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Daily Peak Hour Query Rate by Member</title>
      <table>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend_per_hour | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats avg(QCOUNT) as avg_COUNT, max(QCOUNT) as max_COUNT by _time source_host VIEW | bucket span=1d _time | streamstats max(avg_COUNT) as MAX_AVG_COUNT by _time, source_host, VIEW | eval avg_COUNT = if (avg_COUNT == MAX_AVG_COUNT, avg_COUNT, 0) | eval max_COUNT = if (avg_COUNT == MAX_AVG_COUNT, max_COUNT, 0) | stats max(avg_COUNT) as avg_COUNT, max(max_COUNT) as max_COUNT by _time, source_host, VIEW | timechart span=1d eval(max(max_COUNT)/600) by source_host where max in top5 useother=f | interpolate 172800</query>
          <earliest>-7d@d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Daily Query Rate by Member</title>
      <table>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend_per_day | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats avg(QCOUNT) as avg_COUNT, max(QCOUNT) as max_COUNT by source_host VIEW _time | timechart span=1d eval(max(max_COUNT)/3600) by source_host where max in top5 useother=f | interpolate 172800</query>
          <earliest>-365d@d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Query Rate by Member</title>
      <table>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats sum(QCOUNT) as QCOUNT by _time source_host | timechart bins=1000 eval(avg(QCOUNT)/600) by source_host where max in top5 useother=f | interpolate 1200</query>
          <earliest>-365d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Total Zones in Grid</title>
      <chart>
        <search>
          <query>sourcetype=ib:dns:view index=ib_ipam | bucket span=1mon _time | dedup view | eval TotalZones=zones_forward+zones_ipv4+zones_ipv6+zones_signed | stats sum(TotalZones) as TotalZones by _time</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
</dashboard>
Steve S.

Re: Metrics Dashboard

Moderator
Posts: 32
6578     0

Here is another version of a Metrics Collection dashboard (Metrics Collection 3.0), which contains the same reports as the previous post, but the default values for reports 4, 5, and 6 are 1 Year; default Top N values for reports 4 and 5 are 500; and reports 4, 5, and 6 have been changed to Stacked Area.

1. DHCP Usage Last Year (8.5 or newer)

2. DNS QPS Usage Last Year (8.5 or newer)

3. Active IP Addresses per Day

4. DNS Daily Peak Hour Query Rate by Member

5. DNS Daily Query Rate by Member

6. DNS Query Rate by Member

7. Total Zones in Grid

 

<dashboard>
  <label>Metrics Collection 3.0</label>
  <row>
    <panel>
      <title>DHCP Usage Last Year</title>
      <chart>
        <search>
          <query>index=ib_usage_count report=si_usage_count_member_dhcp_lps_trend_per_5days
                 | stats max(LCOUNT) as stats_COUNT by _time
                 | sort _time
                 | streamstats window=5 avg(stats_COUNT) as Peak_LPM
                 | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak LPS"=round((Peak_LPM/60),3)
                 | table Date, "5-Day Average Peak LPS"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS kQPS Usage Last Year</title>
      <chart>
        <search>
          <query>index=ib_usage_count report=si_usage_count_member_qps_trend_per_5days
                 | stats max(QCOUNT) as stats_COUNT by _time |eval stats_COUNT = stats_COUNT/1000
                 | sort _time
                 | streamstats window=5 avg(stats_COUNT) as Peak_QPM
                 | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak kQPS"=round((Peak_QPM/60),3)
                 | table Date, "5-Day Average Peak kQPS"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Active IP Addresses per day</title>
      <chart>
        <search>
          <query>index=ib_ipam_summary report=si_ipam_address_usage_trend_per_5days
                 | eval Peak_IPV4=IPV4_COUNT, Peak_IPV6=IPV6_COUNT, Peak_Total=TOTAL_COUNT
                 | eval "Time"=strftime(_time, "%m/%d/%Y:%H:%M:%S")
                 | streamstats window=5 avg(Peak_IPV4) as Avg_IPv4_Count, avg(Peak_IPV6) as Avg_IPv6_Count, avg(Peak_Total) as Avg_Total_Count
                 | sort _time
                 | rename IPV4_COUNT as "IPv4 Count", IPV6_COUNT as "IPv6 Count", TOTAL_COUNT as "Total Count"
                 | table "Time", "IPv4 Count", "IPv6 Count", "Total Count"</query>
          <earliest>-365d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Daily Peak Hour Query Rate by Member</title>
      <chart>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend_per_hour | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats avg(QCOUNT) as avg_COUNT, max(QCOUNT) as max_COUNT by _time source_host VIEW | bucket span=1d _time | streamstats max(avg_COUNT) as MAX_AVG_COUNT by _time, source_host, VIEW | eval avg_COUNT = if (avg_COUNT == MAX_AVG_COUNT, avg_COUNT, 0) | eval max_COUNT = if (avg_COUNT == MAX_AVG_COUNT, max_COUNT, 0) | stats max(avg_COUNT) as avg_COUNT, max(max_COUNT) as max_COUNT by _time, source_host, VIEW | timechart span=1d eval(max(max_COUNT)/600) by source_host where max in top500 useother=f | interpolate 172800</query>
          <earliest>-365d@d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">area</option>
        <option name="charting.chart.stackMode">stacked</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Daily Query Rate by Member</title>
      <chart>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend_per_day | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats avg(QCOUNT) as avg_COUNT, max(QCOUNT) as max_COUNT by source_host VIEW _time | timechart span=1d eval(max(max_COUNT)/3600) by source_host where max in top500 useother=f | interpolate 172800</query>
          <earliest>-365d@d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">area</option>
        <option name="charting.chart.stackMode">stacked</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>DNS Query Rate by Member</title>
      <chart>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats sum(QCOUNT) as QCOUNT by _time source_host | timechart bins=1000 eval(avg(QCOUNT)/600) by source_host where max in top500 useother=f | interpolate 1200</query>
          <earliest>-365d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">area</option>
        <option name="charting.chart.stackMode">stacked</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Total Zones in Grid</title>
      <chart>
        <search>
          <query>sourcetype=ib:dns:view index=ib_ipam | bucket span=1mon _time | dedup view | eval TotalZones=zones_forward+zones_ipv4+zones_ipv6+zones_signed | stats sum(TotalZones) as TotalZones by _time</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
</dashboard>
@DaveSignori