Merge pull request #65 from guilhemmarchand/version_116

Version 1.1.6

docs/releasenotes.rst

@@ -1,6 +1,20 @@
 Release notes
 #############
 
+Version 1.1.6
+=============
+
+- feature: Introducing the SLA compliance reporting dashboard and features, providing analytic over the level of compliance based on the time objects have spent in red state (flipping mode detection)
+- feature: Allows entering an update note for logging and notification purposes when a modification a KVstore entry is made via the UI
+- feature: Regular expression support for data sources and host blacklisting entries
+- feature: Pretty parse and print json objects in audit changes
+- feature: Provides index and host blacklisting features for metric hosts monitoring
+- feature: New tracker "TrackMe - Audit change notification tracker" which is due to be used for dedicated team work for updates notification (Slack...)
+- change: Increase default retention for flipping states KVstore collection from 3 months to 6 months
+- fix: Provides KVstore entry modification window for entity deletion to allow note update
+- fix: Blue state icon will not show up in flipping status tab
+- fix: Improvements in initial discovery detection for flipping status and SLA calculation purposes
+
 Version 1.1.5
 =============
 

docs/userguide.rst

@@ -334,6 +334,16 @@ Whitelisting & Blacklisting features
    :alt: blacklist_btns.png
    :align: center
 
+*The following type of blacklisting entries are supported:**
+
+- explicit names, example: ``dev001``
+- wildcards, example: ``dev-*``
+- regular expressions, example: ``(?i)dev-.*``
+
+*regular expressions are supported starting version 1.1.6.*
+
+*metric_category blacklisting for metric hosts supports explicit blacklist only.*
+
 **Adding or removing a blacklist item if performed entirely and easily within the UI:**
 
 .. image:: img/blacklist_example.png
@@ -666,3 +676,32 @@ Connected experience dashboard for Splunk Mobile & Apple TV
    :align: center
 
 This dashboard is exported to the system, to be made available to Splunk Cloud Gateway.
+
+Team working with trackMe alerts and audit changes flow tracker
+===============================================================
+
+**Nowadays it is very convenient to have team workspaces (Slack, Webex Teams, MS-Teams...) where people and applications can interact.**
+
+Fortunately, Splunk with alert actions and addon extensions allows interacting with any kind of platform, TrackMe makes it very handy with the following alerts:
+
+*Out of the box alerts can be communicating when potential issues data sources, hosts or metric hosts are detected:*
+
+- TrackMe - Alert on data source availability
+- TrackMe - Alert on data host availability
+- TrackMe - Alert on metric host availability
+
+*In addition, the notification change tracker allows sharing automatically updates performed by administrators, which could be sent to a dedicated channel:*
+
+- TrackMe - Audit change notification tracker
+
+**Example in a Slack channel:**
+
+.. image:: img/slack_audit_change_flow.png
+   :alt: slack_audit_change_flow.png
+   :align: center
+
+*For Slack integration, see*
+
+- https://splunkbase.splunk.com/app/2878
+
+Many more integration are available on Splunk Base.

trackme/default/app.conf

@@ -16,4 +16,4 @@ label = TrackMe
 [launcher]
 author = Guilhem Marchand
 description = Easy data tracking system for Splunk admins
-version = 1.1.5
+version = 1.1.6

trackme/default/collections.conf

@@ -85,6 +85,16 @@ replicate = false
 # blacklisting for metric host monitoring
 #
 
+# metric host
+[kv_trackme_metric_host_monitoring_blacklist_host]
+replicate = false
+
+# metric index
+[kv_trackme_metric_host_monitoring_blacklist_index]
+replicate = false
+
+# metric category
+
 [kv_trackme_metric_host_monitoring_blacklist_metric_category]
 replicate = false
 

trackme/default/data/ui/nav/default.xml

@@ -1,6 +1,7 @@
 <nav search_view="search" color="#404040">
   <view name="TrackMe" default="true" />
   <view name="trackMe_summary" />
+  <a href="trackMe_qos">TrackMe QOS</a>
   <a href="TrackMe_manage">TrackMe manage and configure</a>
   <collection label="Search">
     <view name="search" />
@@ -33,6 +34,8 @@
       <a href="search?q=%7C%20inputlookup%20trackme_metric_lagging_definition%20%7C%20eval%20keyid%3D_key">Metric lagging definition</a>
       <collection label="Whitelist &amp; Blacklists">
         <a href="search?q=%7C%20inputlookup%20trackme_data_host_monitoring_whitelist_index%20%7C%20eval%20keyid%3D_key">Whitelist indexes</a>
+        <a href="search?q=%7C%20inputlookup%20trackme_metric_host_monitoring_blacklist_index%20%7C%20eval%20keyid%3D_key">Blacklist indexes</a>
+        <a href="search?q=%7C%20inputlookup%20trackme_metric_host_monitoring_blacklist_host%20%7C%20eval%20keyid%3D_key">Blacklist hosts</a>
         <a href="search?q=%7C%20inputlookup%20trackme_metric_host_monitoring_blacklist_metric_category%20%7C%20eval%20keyid%3D_key">Blacklist Metric categories</a>
       </collection>
     </collection>

trackme/default/data/ui/views/trackMe_qos.xml

@@ -0,0 +1,154 @@
+<form>
+  <label>TrackMe - Quality Of Service Auditing - SLA compliance reporting</label>
+  <description>The SLA percentage represents the percentage of time an object has spent in green state, which complies with monitoring rules and quality of service</description>
+
+  <search id="baseSearch">
+    <query>| `trackme_get_sla($object_category$,$object$,$object_freetext$,$priority$)`</query>
+    <earliest>-24h@h</earliest>
+    <latest>now</latest>
+  </search>
+
+  <search id="percent_main" base="baseSearch">
+    <query>| where percent_sla&gt;0
+| stats avg(percent_sla) as average_percent_sla by object_category</query>
+    <earliest>-24h@h</earliest>
+    <latest>now</latest>
+  </search>
+
+  <fieldset submitButton="false"></fieldset>
+
+  <row>
+    <panel depends="$show_single_data_source$">
+      <single>
+        <search base="percent_main">
+          <query>where object_category="data_source" | fields average_percent_sla</query>
+        </search>
+        <option name="colorMode">none</option>
+        <option name="drilldown">none</option>
+        <option name="numberPrecision">0.00</option>
+        <option name="rangeColors">["0xdc4e41","0xf1813f","0x53a051"]</option>
+        <option name="rangeValues">[50,90]</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="underLabel">data_source SLA percentage (average percentage spent in green state)</option>
+        <option name="unit">%</option>
+        <option name="useColors">1</option>
+      </single>
+    </panel>
+    <panel depends="$show_single_data_host$">
+      <single>
+        <search base="percent_main">
+          <query>where object_category="data_host" | fields average_percent_sla</query>
+        </search>
+        <option name="colorMode">none</option>
+        <option name="drilldown">none</option>
+        <option name="numberPrecision">0.00</option>
+        <option name="rangeColors">["0xdc4e41","0xf1813f","0x53a051"]</option>
+        <option name="rangeValues">[50,90]</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="underLabel">data_host SLA percentage (average percentage spent in green state)</option>
+        <option name="unit">%</option>
+        <option name="useColors">1</option>
+      </single>
+    </panel>
+    <panel depends="$show_single_metric_host$">
+      <single>
+        <search base="percent_main">
+          <query>where object_category="metric_host" | fields average_percent_sla</query>
+        </search>
+        <option name="colorMode">none</option>
+        <option name="drilldown">none</option>
+        <option name="numberPrecision">0.00</option>
+        <option name="rangeColors">["0xdc4e41","0xf1813f","0x53a051"]</option>
+        <option name="rangeValues">[50,90]</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="underLabel">metric_host SLA percentage (average percentage spent in green state)</option>
+        <option name="unit">%</option>
+        <option name="useColors">1</option>
+      </single>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <title>Drilldown info: click on a row to open detailed history of this object</title>
+      <input type="dropdown" token="object_category" searchWhenChanged="true">
+        <label>object_category</label>
+        <choice value="*">ANY</choice>
+        <choice value="data_source">data_source</choice>
+        <choice value="data_host">data_host</choice>
+        <choice value="metric_host">metric_host</choice>
+        <default>*</default>
+        <initialValue>*</initialValue>
+        <change>
+          <condition value="data_source">
+            <set token="show_single_data_source">true</set>
+            <unset token="show_single_data_host"></unset>
+            <unset token="show_single_metric_host"></unset>
+          </condition>
+          <condition value="data_host">
+            <unset token="show_single_data_source"></unset>
+            <set token="show_single_data_host">true</set>
+            <unset token="show_single_metric_host"></unset>
+          </condition>
+          <condition value="metric_host">
+            <unset token="show_single_data_source"></unset>
+            <unset token="show_single_data_host"></unset>
+            <set token="show_single_metric_host">true</set>
+          </condition>
+          <condition value="*">
+            <set token="show_single_data_source">true</set>
+            <set token="show_single_data_host">true</set>
+            <set token="show_single_metric_host">true</set>
+          </condition>
+        </change>
+      </input>
+      <input type="text" token="object_freetext" searchWhenChanged="true">
+        <label>object: (free text filter)</label>
+        <default>*</default>
+        <initialValue>*</initialValue>
+      </input>
+      <input type="dropdown" token="object" searchWhenChanged="true">
+        <label>object</label>
+        <fieldForLabel>object</fieldForLabel>
+        <fieldForValue>object</fieldForValue>
+        <search>
+          <query>| `trackme_get_sla_root`
+| where isnotnull(monitored_state) AND monitored_state="enabled" AND last_time_seen&gt;=relative_time(now(), "-15d@d")
+| search object_category=$object_category$ object=$object_freetext$
+| stats count by object
+| dedup object
+| sort limit=0 object</query>
+        </search>
+        <choice value="*">ANY</choice>
+        <default>*</default>
+        <initialValue>*</initialValue>
+      </input>
+      <input type="dropdown" token="priority" searchWhenChanged="true">
+        <label>priority</label>
+        <choice value="*">ANY</choice>
+        <choice value="low">low</choice>
+        <choice value="medium">medium</choice>
+        <choice value="high">high</choice>
+        <default>*</default>
+        <initialValue>*</initialValue>
+      </input>
+      <table>
+        <search base="baseSearch">
+          <query></query>
+        </search>
+        <option name="count">20</option>
+        <option name="drilldown">row</option>
+        <format type="color" field="percent_sla">
+          <colorPalette type="list">[#ff6961,#ff6961,#ffb347,#77dd77]</colorPalette>
+          <scale type="threshold">0,75,90</scale>
+        </format>
+        <drilldown>
+          <link target="_blank">
+  <![CDATA[
+/app/trackme/search?q=| `trackme_get_sla($row.object$,$row.object_category$)`
+  ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>