Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Reporting

Reply

Value Metrics Dashboard

[ Edited ]
Moderator
Moderator
Posts: 32
8375     2

Here's a Dashboard to show the value you're getting out of NIOS for DDI.  It's also a great tool for capacity planning.  I've included the details of the reports below but in a nutshell, you'll get metrics back on DNS query per second (QPS) trends, DHCP Lease usage, active and allocated IP Address counts and trends, zones, Reporting disk utilization and network discovery data (if you have Discovery).  Please feel free to comment on other value metrics that you'd find beneficial or let us know if you have questions on changing the parameters.  I encourage you to share this report with your Infoblox sales engineer for future capacity planning and design considerations.

 

The dashboard is easy to install and run:

  1. Click Reporting -> Dashboards -> Create New Dashboard
  2. Enter a temporary value for Title (this will be overwritten in a subsequent step) -> click Create Dashboard
  3. Click Source or Edit Source (depending on the NIOS version you are running)
  4. Copy the entire contents of the XML below and completely replace the XML source of the newly created Dashboard
  5. Optionally change the value of the <label> and <description> tags at the top of the XML.  By default the Dashboard will be called "Metrics Collection 7.0" with a description of "Value Metrics Collections and Capacity Planning".
  6. Click Save

 

That's it!

 

After it runs you can export to PDF to share out.

 

Description of each report by default.  All report panels report on grid wide values.

 

DNS Daily Peak Hour Query Rate by Member - Last 30 Days

  • DNS Query rate (QPS) at the busiest hour within a day. One data point per day.

 

DNS Query Rate by Member - Last 7 Days

  • QPS plotted every 10 minutes.

 

Active IP Addresses Per Day - Last 365 Days

  • Max number of Active IP addresses plotted once per day. An active IP Address is one that is found in a current DHCP Lease, in a fixed or DNS record, or that has been discovered.  Splits out by IPv4, IPv6, and Total.

 

Total DNS Zones

  • Number of zones defined.

 

DHCP Lease Counts - Last 30 Days

  • The total number of leases split out by Issued, Reserved, Abandoned, Freed, Renewed, and Fixed over the last 30 days.

 

DNS Query Count - Last 30 Days

  • The total DNS query count over the last 30 days.

 

Reporting Disk Utilization

  • The capacity (GB), usage (GB) and utilization (%) of each of the file systems used for Reporting

 

Total Allocated IP Addresses

  • Allocated IP Addresses have a Status value of 'Used'.  This will be a superset of the Active IP Addresses because it also includes Reservations and IP Addresses with a Lease State that is not 'Active'.

 

Total Number of Discovered IP Addresses (requires Discovery)

  • Total number of IP Addresses that have been discovered.  Requires Network Insight or NetMRI with IPAM Sync configured.  Report will be empty if Discovery is not deployed.

 

Total Number of Discovered Networks (requires Discovery)

  • Total number of networks that have been discovered.  Requires Network Insight or NetMRI with IPAM Sync configured.  Report will be empty if Discovery is not deployed.

 

Discovered Device Type Count (requires Discovery)

  • Total number of network devices that have been discovered split out by device type.  Requires Network Insight or NetMRI with IPAM Sync configured.  Report will be empty if Discovery is not deployed.

 

DHCP Usage - Last 365 Days (Requires 8.5+)

  • Measures every 10 min for a Leases per second (LPS) count and records a max for the day. Then displays the 5 day rolling average of those maxes. One data point per day.  Report will be empty if not on 8.5 or later code.

 

DNS kQPS Usage - Last 365 Days (Requires 8.5+)

  • Measures every 10 min for a kQuery per second (kQPS) count and records a max for the day. Then displays the 5 day rolling average of those maxes. One data point per day.  Report will be empty if not on 8.5 or later code.

 

IP Address Usage - Last 365 Days (Requires 8.5+)

  • Measures every 10 min for number of active IP addresses and records a max for the day. An active IP address is one that has been discovered, is in a fixed or DNS record or is in an active DHCP lease.  Then displays the 5 day rolling average of those maxes. One data point per day.  Report will be empty if not on 8.5 or later code.

 

XML to copy:

 

<dashboard>
  <label>Metrics Collection 7.0</label>
  <description>Value Metrics Collections and Capacity Planning</description>
  <row>
    <panel>
      <title>DNS Daily Peak Hour Query Rate by Member - Last 30 Days</title>
      <chart>
        <search>
          <query>index=ib_dns_summary report=si_dns_member_qps_trend_per_hour | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER  | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats avg(QCOUNT) as avg_COUNT, max(QCOUNT) as max_COUNT by _time source_host VIEW | bucket span=1d _time | streamstats max(avg_COUNT) as MAX_AVG_COUNT by _time, source_host, VIEW | eval avg_COUNT = if (avg_COUNT == MAX_AVG_COUNT, avg_COUNT, 0) | eval max_COUNT = if (avg_COUNT == MAX_AVG_COUNT, max_COUNT, 0) | stats max(avg_COUNT) as avg_COUNT, max(max_COUNT) as max_COUNT by _time, source_host, VIEW | timechart span=1d eval(max(max_COUNT)/600) by source_host where max in top500 useother=f | interpolate 172800</query>
          <earliest>-30d@d</earliest>
          <sampleRatio>1</sampleRatio>
        </search>
<option name="charting.legend.placement">none</option> <option name="charting.chart">area</option> <option name="charting.chart.stackMode">stacked</option> </chart> </panel> </row> <row> <panel> <title>DNS Query Rate by Member - Last 7 Days</title> <chart> <search> <query>index=ib_dns_summary report=si_dns_member_qps_trend | lookup dns_viewkey_displayname_lookup VIEW output display_name | rename orig_host as host | msservers MS_SERVER | eval source_host=if(MS_SERVER !="", coalesce(ms_resolved_names,ms_resolved_ips),host) | stats sum(QCOUNT) as QCOUNT by _time source_host | timechart bins=1000 eval(avg(QCOUNT)/600) by source_host where max in top500 useother=f | interpolate 1200</query> <earliest>-7d@d</earliest> <sampleRatio>1</sampleRatio> </search>
<option name="charting.legend.placement">none</option> <option name="charting.chart">area</option> <option name="charting.chart.stackMode">stacked</option> </chart> </panel> </row> <row> <panel> <title>Active IP Addresses Per Day - Last 365 Days</title> <chart> <search> <query>index=ib_ipam_summary report=si_ipam_address_usage_trend_per_5days | eval Peak_IPV4=IPV4_COUNT, Peak_IPV6=IPV6_COUNT, Peak_Total=TOTAL_COUNT | eval "Time"=strftime(_time, "%m/%d/%Y:%H:%M:%S") | streamstats window=5 avg(Peak_IPV4) as Avg_IPv4_Count, avg(Peak_IPV6) as Avg_IPv6_Count, avg(Peak_Total) as Avg_Total_Count | sort _time | rename IPV4_COUNT as "IPv4 Count", IPV6_COUNT as "IPv6 Count", TOTAL_COUNT as "Total Count" | table "Time", "IPv4 Count", "IPv6 Count", "Total Count"</query> <earliest>-365d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.abbreviation">none</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.abbreviation">none</option> <option name="charting.axisY.scale">linear</option> <option name="charting.axisY2.abbreviation">none</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">line</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">none</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">none</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.mode">standard</option> <option name="charting.legend.placement">right</option> <option name="charting.lineWidth">2</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> </chart> </panel> </row> <row> <panel> <table> <title>Total DNS Zones</title> <search> <query>sourcetype=ib:dns:view index=ib_ipam | eval TotalZones=zones_forward+zones_ipv4+zones_ipv6 | stats sum(TotalZones) as TotalZones</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <table> <title>DHCP Lease Counts - Last 30 Days</title> <search> <query>sourcetype=ib:dhcp:lease_history index=ib_dhcp_lease_history earliest=-30d dhcpd OR dhcpdv6 r-l-e | rename ACTION as "Action" | stats count(eval(Action="Issued")) AS ISSUED, count(eval(Action="Reserved")) AS RESERVED, count(eval(Action="Abandoned")) AS ABANDONED, count(eval(Action="Freed")) AS Freed, count(eval(Action="Renewed")) AS RENEWED, count(eval(Action="Fixed")) AS FIXED</query> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <table> <title>DNS Query Count - Last 30 Days</title> <search> <query>index=ib_dns sourcetype=ib:dns:query:by_member | bucket _time |stats sum(QCOUNT) as QCOUNT | rename QCOUNT as "Query Total"</query> <earliest>-30d@d</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <table> <title>Reporting Disk Utilization</title> <search> <query>| rest /services/server/status/partitions-space | eval free = if(isnotnull(available), available, free) | eval usage = capacity - free | eval pct_usage = floor(usage / capacity * 100) | stats first(fs_type) as fs_type first(capacity) as capacity first(usage) as usage first(pct_usage) as pct_usage by mount_point | eval usage=round(usage / 1024, 2) | eval capacity=round(capacity / 1024, 2) | rename mount_point as "Mount Point", fs_type as "File System Type", usage as "Usage (GB)", capacity as "Capacity (GB)", pct_usage as "Usage (%)"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row>
<panel>
<table>
<title>Total Allocated IP Addresses</title>
<search>
<query>index=ib_ipam sourcetype=ib:ipam:network | eval dedup_key=view."/".address."/".cidr | dedup dedup_key, address | stats sum(address_alloc) as "IP addresses" | fillnull value=0</query>
<earliest>@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row> <row> <panel> <table> <title>Total Number of Discovered IP Addresses (requires Discovery)</title> <search> <query>source=ib:ipam:ip_address_inventory index=ib_ipam | sort 0 -_time, +ip(ip_address) | fillnull value="" | dedup network_view ip_address | stats count(ip_address) as IPADDRCOUNT</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <table> <title>Total Number of Discovered Networks (requires Discovery)</title> <search> <query>sourcetype=ib:ipam:network index=ib_ipam | sort 0 -_time, +ip(address) | fillnull value="" | dedup view address cidr | stats count(address) as NETWORKCOUNT</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <title>Discovered Device Type Count (requires Discovery)</title> <table> <search> <query>source=ib:discovery:device_inventory index=ib_discovery | dedup ip_address | eval last_seen=strftime(last_seen,"%Y-%m-%d %H:%M:%S") | eval first_seen=strftime(first_seen,"%Y-%m-%d %H:%M:%S") | stats count by device_type</query> <earliest>0</earliest> <sampleRatio>1</sampleRatio> </search> <option name="count">20</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> </table> </panel> </row> <row> <panel> <title>DHCP Usage - Last 365 Days (Requires 8.5+)</title> <chart> <search> <query>index=ib_usage_count report=si_usage_count_member_dhcp_lps_trend_per_5days | stats max(LCOUNT) as stats_COUNT by _time | sort _time | streamstats window=5 avg(stats_COUNT) as Peak_LPM | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak LPS"=round((Peak_LPM/60),3) | table Date, "5-Day Average Peak LPS"</query> <earliest>-365d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.abbreviation">none</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.abbreviation">none</option> <option name="charting.axisY.scale">linear</option> <option name="charting.axisY2.abbreviation">none</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">line</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">none</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">none</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.mode">standard</option> <option name="charting.legend.placement">right</option> <option name="charting.lineWidth">2</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> </chart> </panel> </row> <row> <panel> <title>DNS kQPS Usage - Last 365 Days (requires 8.5+)</title> <chart> <search> <query>index=ib_usage_count report=si_usage_count_member_qps_trend_per_5days | stats max(QCOUNT) as stats_COUNT by _time |eval stats_COUNT = stats_COUNT/1000 | sort _time | streamstats window=5 avg(stats_COUNT) as Peak_QPM | eval Date=strftime(_time, "%a %b %e"),"5-Day Average Peak kQPS"=round((Peak_QPM/60),3) | table Date, "5-Day Average Peak kQPS"</query> <earliest>-365d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.abbreviation">none</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.abbreviation">none</option> <option name="charting.axisY.scale">linear</option> <option name="charting.axisY2.abbreviation">none</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">line</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">none</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">none</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.mode">standard</option> <option name="charting.legend.placement">right</option> <option name="charting.lineWidth">2</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> </chart> </panel> </row> <row> <panel> <title>IP Address Usage - Last 365 Days (requires 8.5+)</title> <chart> <search> <query>index=ib_usage_count report=si_ipam_usage_count_address_usage_trend_per_5days | streamstats window=5 avg(IPV4_COUNT) as Peak_IPV4, avg(IPV6_COUNT) as Peak_IPV6, avg(TOTAL_COUNT) as Peak_TOTAL | sort _time | eval Date=strftime(_time, "%a %b %e"), "5-Day Avg IPv4 Count"=round(Peak_IPV4,0), "5-Day Avg IPv6 Count"=round(Peak_IPV6,0), "5-Day Avg Total Count"=round(Peak_TOTAL,0) | dedup the_date | table Date, "5-Day Avg IPv4 Count","5-Day Avg IPv6 Count","5-Day Avg Total Count" </query> <earliest>-365d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.abbreviation">none</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.abbreviation">none</option> <option name="charting.axisY.scale">linear</option> <option name="charting.axisY2.abbreviation">none</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">line</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">none</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">none</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.mode">standard</option> <option name="charting.legend.placement">right</option> <option name="charting.lineWidth">2</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> </chart> </panel> </row> </dashboard>

 

@DaveSignori

Re: Value Metrics Dashboard

New Member
Posts: 1
8376     2

Test message

Re: Value Metrics Dashboard

Moderator
Moderator
Posts: 32
8376     2

I just updated the XML so that the hostnames would not be displayed in the first two report panels.

 

Dave

@DaveSignori

Re: Value Metrics Dashboard

Techie
Posts: 6
8376     2

Awsome job Dave Smiley Happy

Re: Value Metrics Dashboard

Techie
Posts: 6
8376     2

Can I please have a sugestion; bellow the Reporting Disk Utilization insert a graph with daily license utilization, or % of Indexed data usage for the day ?

Re: Value Metrics Dashboard

Moderator
Moderator
Posts: 32
8376     2

Hi Lorand-Zajzon,

 

There is an out-of-box report & dashboard that will provide that information.  See the following under your Reporting menu option in NIOS:

  • “Reporting Index Usage Statistics” report that provides Volume(in MB) for every index used per day
  • “Reporting License Usage” dashboard provides visibility into license usage per day (in MB)

Dave

@DaveSignori

Re: Value Metrics Dashboard

New Member
Posts: 2
8376     2

Hi Dave How would we GET any or all those reports ported into Service-Now via rest api.??

Re: Value Metrics Dashboard

Moderator
Moderator
Posts: 32
8376     2

Just updated the Dashboard shortening up the duration of the following two reports.  This will make the Dashboard run more quickly:

DNS Daily Peak Hour Query Rate by Member from Last 365 Days to 30 Days

DNS Query Rate by Member from Last 30 Days to 7 Days.

 

Dave

@DaveSignori

Re: Value Metrics Dashboard

[ Edited ]
Techie
Posts: 5
8376     2

Team:

 

Can someone help me add a section to the Value Metrics Dashboard or columns to the Device Inventory Dashboard to reflect what devices have been discovered via SNMPv2 vs Devices discovered via SNMPv3? 

After thought, why not ask:  It would also be helpful to display a column on encryption methods used like SHA, MD5 or DES or 3DES.

 

Reply appreciated.

Re: Value Metrics Dashboard

Authority
Posts: 15
8376     2

Fantastic work on this dashboard, Dave!

Re: Value Metrics Dashboard

New Member
Posts: 1
8376     2

Thanks, Ross.  Couldn't have done it without help from Steve Salo and Sanjeev Manurkar.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You