Skip to content
This repository has been archived by the owner on Feb 3, 2023. It is now read-only.

Commit

Permalink
Merge pull request #47 from guilhemmarchand/version_1031
Browse files Browse the repository at this point in the history 
Version 1031
  • Loading branch information
@guilhemmarchand
guilhemmarchand committed Nov 26, 2019
2 parents 8c357fc + 8d500af commit 1add670
Show file tree
Hide file tree
Showing 6 changed files with 199 additions and 10 deletions.
7 changes: 7 additions & 0 deletions docs/releasenotes.rst
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,13 @@
Release notes
#############

Version 1.0.31
==============

- fix: Regression in flipping state introduced by metric implementation, does not trigger anymore for events indexes
- feature: Add auditing view to report on application scheduling search workload
- feature: Nav menus re-organized

Version 1.0.30
==============

Expand Down
2 changes: 1 addition & 1 deletion trackme/default/app.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ label = TrackMe
[launcher]
author = Guilhem Marchand
description = Easy data tracking system for Splunk admins
version = 1.0.30
version = 1.0.31
17 changes: 11 additions & 6 deletions trackme/default/data/ui/nav/default.xml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,15 @@
<nav search_view="search" color="#404040">
<view name="TrackMe" default="true" />
<view name="trackMe_summary" />
<view name="search" />
<view name="analysis_workspace" />
<view name="datasets" />
<view name="reports" />
<view name="alerts" />
<view name="dashboards" />
<collection label="Search">
<view name="search" />
<view name="reports" />
<view name="dashboards" />
<view name="alerts" />
<view name="analysis_workspace" />
</collection>
<collection label="Audit">
<a href="trackMe_internal_scheduling">Audit scheduling</a>
</collection>
<a href="search">Run a search</a>
</nav>
176 changes: 176 additions & 0 deletions trackme/default/data/ui/views/trackMe_internal_scheduling.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,176 @@
<form>
<label>TrackMe - Internal scheduling audit</label>
<!-- main search for scheduling cost -->
<search id="scheduling_mainsearch">
<query>index=_internal host="*" source=*scheduler.log status="*" NOT (status="continued" OR status=delegated*) trackme app="trackme"
| timechart span=1d avg(run_time) AS avg_run_time, max(run_time) AS max_run_time, sum(run_time) AS sum_run_time
| stats avg(avg_run_time) AS avg_run_time, avg(max_run_time) AS max_run_time, avg(sum_run_time) AS sum_run_time</query>
<earliest>-24h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<search id="scheduling_table">
<query>index=_internal host="*" source=*scheduler.log status="*" AND status!="continued" trackme app="trackme" savedsearch_name="TrackMe - *"
| stats avg(run_time) AS avg_run_time, max(run_time) AS max_run_time, latest(run_time) AS latest_run_time, max(_time) AS "last_run (dd/mm/YYYY H:M:S)" by app,savedsearch_name
| append [ | rest splunk_server=local /servicesNS/-/trackme/saved/searches | search eai:acl.app="trackme" title="TrackMe - *" is_visible=1 | fields eai:acl.app, title, cron_schedule, schedule_window, disabled, next_scheduled_time | sort limit=0 title | rename eai:acl.app as app, title as savedsearch_name ]
| stats first(*) as "*" by app, savedsearch_name
| eval "last_run (dd/mm/YYYY H:M:S)"=strftime('last_run (dd/mm/YYYY H:M:S)', "%d/%m/%Y %H:%M:%S")
| foreach *_run_time [ eval &lt;&lt;FIELD&gt;&gt;=round('&lt;&lt;FIELD&gt;&gt;', 2) ]
| sort - avg_run_time | rename savedsearch_name AS "report (savedsearch_name)"
| eval duration_avg=tostring(avg_run_time, "duration"), duration_max=tostring(max_run_time, "duration"), duration_latest=tostring(latest_run_time, "duration")
| eval "Avg run time (seconds / duration)" = avg_run_time + " sec / " + duration_avg + " (HH:MM:SSS)"
| eval "Max run time (seconds / duration)" = max_run_time + " sec / " + duration_avg + " (HH:MM:SSS)"
| eval "Latest run time (seconds / duration)" = latest_run_time + " sec / " + duration_avg + " (HH:MM:SSS)"
| fields app,report*,Avg*,Max*,Latest*,"last_run (dd/mm/YYYY H:M:S)", avg_run_time, cron_schedule, disabled, next_scheduled_time, schedule_window</query>
<earliest>$timerange_scheduled.earliest$</earliest>
<latest>$timerange_scheduled.latest$</latest>
</search>
<fieldset submitButton="false"></fieldset>
<row>
<panel>
<title>Scheduling summary</title>
<single>
<search>
<query>index=_internal host="*" source=*scheduler.log status="*" NOT (status="continued" OR status=delegated*) trackme app="trackme"
| bucket _time span=5m
| stats count AS count by _time
| stats avg(count) AS avg_scheduled_per_5min</query>
<earliest>-24h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE NUMBER OF SCHEDULED SEARCHED PER 5 MIN</option>
<option name="unit">Scheduled searches / 5 min</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields avg_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields max_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">MAX RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
<single>
<search base="scheduling_mainsearch">
<query>fields sum_run_time</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0.00</option>
<option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">AVERAGE SUM RUN TIME PER DAY</option>
<option name="unit">sec</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
</single>
</panel>
</row>
<row>
<panel>
<title>Statistics per scheduled report</title>
<input type="time" token="timerange_scheduled" searchWhenChanged="true">
<label>Time Range:</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
</panel>
</row>
<row>
<panel>
<title>Trackers - These scheduled reports are responsible for discovering and maintaining data states</title>
<chart>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="TrackMe - * tracker" | fields "report (savedsearch_name)", avg_run_time</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
</chart>
<table>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="TrackMe - * tracker" | sort "report (savedsearch_name)" | fields - avg_run_time</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Alerts &amp; Miscellaneous - Builtin alerts and various scheduled reports related to the application</title>
<chart>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="TrackMe -*" "report (savedsearch_name)"!="TrackMe - * tracker" | fields "report (savedsearch_name)", avg_run_time</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
</chart>
<table>
<search base="scheduling_table">
<query>search "report (savedsearch_name)"="TrackMe -*" "report (savedsearch_name)"!="TrackMe - * tracker" | sort "report (savedsearch_name)" | fields - avg_run_time</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
</form>
7 changes: 4 additions & 3 deletions trackme/default/savedsearches.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,9 +403,10 @@ dispatch.latest_time = now
enableSched = 1
request.ui_dispatch_app = trackme
request.ui_dispatch_view = trackme
search = | inputlookup trackme_data_source_monitoring | where data_monitored_state="enabled"\
| inputlookup append=t trackme_host_monitoring | where data_monitored_state="enabled"\
| inputlookup append=t trackme_metric_host_monitoring | where metric_monitored_state="enabled"\
search = | inputlookup trackme_data_source_monitoring\
| inputlookup append=t trackme_host_monitoring\
| inputlookup append=t trackme_metric_host_monitoring\
| where (data_monitored_state="enabled" OR metric_monitored_state="enabled")\
| where (data_source_state!=data_previous_source_state) OR (data_host_state!=data_previous_host_state) OR (metric_host_state!=metric_previous_host_state)\
| eval time=case(isnotnull(data_tracker_runtime), data_tracker_runtime, isnotnull(metric_tracker_runtime), metric_tracker_runtime)\
| eval tracker_runtime=case(isnotnull(data_tracker_runtime), strftime(data_tracker_runtime, "%d/%m/%Y %H:%M:%S"), isnotnull(metric_tracker_runtime), strftime(metric_tracker_runtime, "%d/%m/%Y %H:%M:%S"))\
Expand Down
Binary file renamed trackme_1030.tgz → trackme_1031.tgz
View file
Binary file not shown.

0 comments on commit 1add670

Please sign in to comment.